chore(ci): split out amd64 and arm64 docker builds into native runners #7206

Merged
SWvheerden merged 8 commits into tari-project:development from leet4tari:build-dockers-leet-mNet-daily
Jun 18, 2025

@leet4tari (Contributor) commented Jun 12, 2025

Description

  • Split out docker builds for amd64/arm64 into native runners to address docker version "Exec format" error on raspberry pi 5 #7142 in GitHub CI
  • New step to merge both builds into a multi-arch single label
  • Add extra docker labels and with testNet build target included
  • Match as many of the labels between both docker registries
  • Extend ad-hoc CI builds, to include testNets
  • Add mainNet CI target nightly build of node

Motivation and Context

  • Splitting out the docker builds for amd64/arm64 into native runners to address docker version "Exec format" error on raspberry pi 5 #7142, because the docker cross-compile has broken. Using the native runners for building the local platforms should be faster and less likely to break, and if it does, we can better debug what broke, versus the current state where dual-build platforms have all logging intermixed between both building platforms.
  • Merge both platforms back into one label, try not to break any systems that use current labeling
  • Extra labels make it easier to target images
  • Make sure that labels on docker registries are as close as possible
  • Enabled targeted CI ad-hoc builds from GitHub
  • Enable an extra nightly build for mainNet node for testing in CI

How Has This Been Tested?
Built in local fork and tested via images from fork registries

Summary by CodeRabbit

  • New Features

    • Added support for network selection when manually triggering Docker builds, enabling builds for different networks.
    • Introduced a new scheduled nightly build for MainNet with specific build parameters.
    • Implemented multi-architecture Docker manifest creation and publishing for built images.
    • Added a new build matrix generation script to streamline Docker image builds across platforms.
  • Improvements

    • Enhanced build workflows with refined versioning, tagging, and environment setup logic.
    • Upgraded Tor package and Alpine Linux base version in Docker image for improved security and stability.
  • Chores

    • Modularized and reorganized build scripts for better maintainability and flexibility.

@coderabbitai (Contributor, bot) commented Jun 12, 2025

Walkthrough

The Docker build workflows were updated to introduce network targeting, add a new scheduled MainNet nightly build, and modularize environment setup. A new script generates build matrices from JSON definitions. Multi-architecture manifest creation was added, and versioning, tagging, and metadata logic were refined. Minor dependency updates were made to the Tor Dockerfile.

Changes

File(s) | Change Summary
.github/workflows/build_dockers.yml, .github/workflows/build_dockers_workflow.yml | Refactored and renamed jobs for environment setup and Docker builds; added network targeting, new scheduled builds, modularized build matrix generation, improved tagging/versioning, and introduced multi-architecture manifest creation. Added new workflow inputs and outputs for network selection.
buildtools/docker_rig/build-matrix.sh | New Bash script to generate a JSON build matrix for Docker images based on environment inputs and JSON definitions, supporting selective builds and multi-platform targeting.
buildtools/docker_rig/tor.Dockerfile | Updated Alpine base image version from 3.21 to 3.22 and Tor version from 0.4.8.14-r0 to 0.4.8.16-r0. Modified installation command to require a version strictly greater than the specified Tor version.

Sequence Diagram(s)

sequenceDiagram
    participant Scheduler/Manual Trigger
    participant base_builds_envs_setup
    participant build-matrix.sh
    participant builds_run/docker_builds
    participant multi-arch-create-manifest

    Scheduler/Manual Trigger->>base_builds_envs_setup: Start workflow (with tari_network input)
    base_builds_envs_setup->>build-matrix.sh: Generate build matrix (using network, version, platforms)
    base_builds_envs_setup-->>builds_run/docker_builds: Output build matrix, network, version
    builds_run/docker_builds->>builds_run/docker_builds: Build Docker images (multi-arch, tagging, metadata)
    builds_run/docker_builds-->>multi-arch-create-manifest: Built images (per arch)
    multi-arch-create-manifest->>multi-arch-create-manifest: Create & push multi-arch manifests

Possibly related PRs

Suggested reviewers

  • SWvheerden

Poem

🐇
In the warren of Docker and code,
New networks and builds now explode!
With matrices spun from JSON delight,
And manifests merging left and right.
Tor hops to a fresher tune—
Nightly MainNet rises soon!
🥕

@github-actions bot commented Jun 12, 2025

Test Results (CI)

    3 files    126 suites   41m 8s ⏱️
1 340 tests 1 340 ✅ 0 💤 0 ❌
4 018 runs  4 018 ✅ 0 💤 0 ❌

Results for commit 1624d0f.

♻️ This comment has been updated with latest results.

@github-actions bot commented Jun 12, 2025

Test Results (Integration tests)

 2 files  1 errors  1 suites   24m 26s ⏱️
 8 tests 7 ✅ 0 💤 1 ❌
10 runs  7 ✅ 0 💤 3 ❌

For more details on these parsing errors and failures, see this check.

Results for commit 1624d0f.

♻️ This comment has been updated with latest results.

…nd labels, targeted mainNet ci build, misc other improvements.
@leet4tari leet4tari force-pushed the build-dockers-leet-mNet-daily branch from 85a771b to fe05554 Compare June 14, 2025 17:25
@leet4tari (Contributor, Author) commented

I think this is pretty close now, though ghcr is not getting latest tags


@leet4tari leet4tari changed the title [WIP] chore(ci): split out amd64/arm64 docker builds into native runners chore(ci): split out amd64 and arm64 docker builds into native runners Jun 17, 2025
@leet4tari leet4tari marked this pull request as ready for review June 17, 2025 10:22
@leet4tari leet4tari requested a review from a team as a code owner June 17, 2025 10:22
@coderabbitai (Contributor, bot) left a comment

Actionable comments posted: 6

🧹 Nitpick comments (13)
buildtools/docker_rig/build-matrix.sh (8)

11-19: DRY up image selection logic
The repeated jq selection for Minotari vs. specific images can be consolidated to reduce duplication and potential drift in selection criteria. Consider extracting a helper function or unifying the filters.


20-29: Clarify merging of JSON arrays
Using jq -c '. += input' is cryptic and may not merge arrays reliably. A clearer approach is:

matrix_selection=$(jq -s -c '.[0] + .[1]' tarisuite.json 3rdparty.json)

This explicitly concatenates the two arrays.


39-49: Reduce verbose debug output behind a flag
Unconditional echo of every item can clutter logs on large matrices. Consider adding a --verbose flag or gating these prints on an environment variable.


50-58: Simplify version extraction from Dockerfile
The awk command is brittle if the ARG line formatting changes. A more resilient alternative is:

version=$(grep -m1 "^ARG ${uppername}_VERSION=" "${image_name}.Dockerfile" \
  | cut -d= -f2 | tr -d '"')

79-87: Avoid manual comma-trimming
Building JSON by string concatenation and trimming commas is error-prone. You can generate the array with:

matrix_details=$(jq -s -c '.' <<< "$enriched_items")

and skip the manual %, handling.


92-95: Streamline platform splitting
Parsing platforms via tr and awk works, but you can simplify with:

IFS=',' read -ra platform_list <<< "${build_platforms}"

This avoids external tooling for trimming.


96-105: Externalize runner/arch mapping
Hard-coding runner labels and arch detection in jq can be extracted to a config or helper. This improves maintainability if you add new platforms.


116-120: Quote matrix variable on echo
Using unquoted echo ${matrix_platforms} can lead to word splitting or globbing. Prefer:

echo "$matrix"
echo "$matrix" | jq .

.github/workflows/build_dockers.yml (1)

30-32: Normalize comma-separated defaults
The default platforms value includes a space after the comma, but the choices do not. For consistency, remove the space:

-default: linux/arm64, linux/amd64
+default: linux/arm64,linux/amd64

.github/workflows/build_dockers_workflow.yml (4)

62-69: Enable strict mode or ensure pipefail
The # set -xuo pipefail is commented out. For deterministic failures in the matrix step, consider enabling it.


84-101: Harden TestNet declaration logic
The dual use of [ and && can be simplified to a single [[ ]] block and better quoting. For example:

if [[ "$GITHUB_EVENT_NAME" != "workflow_dispatch" && -z "${{ inputs.tari_network }}" ]]; then
  …
fi

174-176: Clean up commented registry entry
Remove the commented # name/${{ matrix.builds.image_name }} to avoid confusion in images: list.


341-353: Add newline at end of file
YAML requires a trailing newline.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1148073 and 8577614.

📒 Files selected for processing (4)
  • .github/workflows/build_dockers.yml (4 hunks)
  • .github/workflows/build_dockers_workflow.yml (5 hunks)
  • buildtools/docker_rig/build-matrix.sh (1 hunks)
  • buildtools/docker_rig/tor.Dockerfile (2 hunks)
🧰 Additional context used
🪛 actionlint (1.7.7)
.github/workflows/build_dockers_workflow.yml

61-61: shellcheck reported issue in this script: SC2034:warning:2:1: build_items appears unused. Verify use (or export if used externally)

(shellcheck)


61-61: shellcheck reported issue in this script: SC2086:info:19:6: Double quote to prevent globbing and word splitting

(shellcheck)


61-61: shellcheck reported issue in this script: SC2086:info:20:6: Double quote to prevent globbing and word splitting

(shellcheck)


61-61: shellcheck reported issue in this script: SC2086:info:21:28: Double quote to prevent globbing and word splitting

(shellcheck)


87-87: shellcheck reported issue in this script: SC2086:info:11:40: Double quote to prevent globbing and word splitting

(shellcheck)


87-87: shellcheck reported issue in this script: SC2086:info:13:54: Double quote to prevent globbing and word splitting

(shellcheck)


128-128: shellcheck reported issue in this script: SC2086:info:5:51: Double quote to prevent globbing and word splitting

(shellcheck)


138-138: shellcheck reported issue in this script: SC2086:info:4:52: Double quote to prevent globbing and word splitting

(shellcheck)


138-138: shellcheck reported issue in this script: SC2086:info:5:52: Double quote to prevent globbing and word splitting

(shellcheck)


138-138: shellcheck reported issue in this script: SC2236:style:7:8: Use -n instead of ! -z

(shellcheck)


138-138: shellcheck reported issue in this script: SC2086:info:9:190: Double quote to prevent globbing and word splitting

(shellcheck)


138-138: shellcheck reported issue in this script: SC2086:info:10:171: Double quote to prevent globbing and word splitting

(shellcheck)


138-138: shellcheck reported issue in this script: SC2086:info:12:72: Double quote to prevent globbing and word splitting

(shellcheck)


138-138: shellcheck reported issue in this script: SC2086:info:15:59: Double quote to prevent globbing and word splitting

(shellcheck)


138-138: shellcheck reported issue in this script: SC2086:info:16:48: Double quote to prevent globbing and word splitting

(shellcheck)


138-138: shellcheck reported issue in this script: SC2086:info:20:31: Double quote to prevent globbing and word splitting

(shellcheck)


138-138: shellcheck reported issue in this script: SC2086:info:22:32: Double quote to prevent globbing and word splitting

(shellcheck)


138-138: property "docker_repo" is not defined in object type {actions_runner_debug: string; actions_step_debug: string; docker_password: string; docker_provider: string; docker_username: string; github_token: string}

(expression)


234-234: property "docker_repo" is not defined in object type {actions_runner_debug: string; actions_step_debug: string; docker_password: string; docker_provider: string; docker_username: string; github_token: string}

(expression)


266-266: shellcheck reported issue in this script: SC2076:warning:22:47: Remove quotes from right-hand side of =~ to match as a regex rather than literally

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:48:30: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:48:39: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:49:40: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:49:49: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:50:40: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:50:49: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:53:52: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:53:61: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:56:49: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:56:58: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:61:32: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:62:42: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:62:51: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:63:42: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:63:51: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:64:51: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:70:32: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:70:41: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:71:42: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:71:51: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:72:42: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:72:51: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:73:51: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:73:60: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:79:32: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:80:42: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:80:51: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:81:42: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:81:51: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: shellcheck reported issue in this script: SC2086:info:83:51: Double quote to prevent globbing and word splitting

(shellcheck)


266-266: property "docker_repo" is not defined in object type {actions_runner_debug: string; actions_step_debug: string; docker_password: string; docker_provider: string; docker_username: string; github_token: string}

(expression)

🪛 YAMLlint (1.37.1)
.github/workflows/build_dockers_workflow.yml

[error] 353-353: no new line character at the end of file

(new-line-at-end-of-file)

🔇 Additional comments (22)
buildtools/docker_rig/build-matrix.sh (2)

32-37: MINOTARI_VERSION default is acceptable
Providing "dev" as a fallback tag is reasonable for local and adhoc runs.


65-74: Using jq to enrich objects is solid
The approach of piping each item through jq '. + {...}' is clear and maintainable.

buildtools/docker_rig/tor.Dockerfile (2)

3-3: Bump Alpine base to 3.22
Upgrading the base image aligns with the latest security and package updates.


12-12: Update Tor to version 0.4.8.16-r0
This matches the desired security and feature patch level.

.github/workflows/build_dockers.yml (8)

14-16: Added MainNet debug nightly schedule
The new cron: '23 01 * * 0-5' entry supports a MainNet debug build Sunday–Friday.


20-27: Extended workflow_dispatch inputs
The added descriptions for version and tag_alias improve clarity in the UI.


33-41: Introduce tari_network input
Supporting multiple networks (esmeralda, nextnet, mainnet, igor) as a dispatch input enables flexible ad-hoc builds.


70-77: Expose tari_network from setup job
Adding tari_network to the outputs ensures downstream jobs can adapt per network.


83-85: Verify use of github.event.schedule context
github.event.schedule may not exist in the schedule event payload. Confirm that $SCHEDULE reliably reflects the cron expression.


113-120: Propagate tari_network for manual builds
Correctly reading github.event.inputs.tari_network allows manual workflows to target the right network.


136-143: Confirm schedule matching logic
The comparison if [[ "${SCHEDULE}" == "23 01 * * 0-5" ]] may never fire if $SCHEDULE is unset or differently formatted. Verify $SCHEDULE and adjust the condition as needed.


146-160: Consume tari_network in builds_run
Passing tari_network into build_dockers_workflow.yml enables network-specific tagging.

.github/workflows/build_dockers_workflow.yml (10)

23-28: Add descriptions for new inputs
Providing descriptions for version, tag_alias, and tari_network clarifies their intent in the workflow call.


38-39: Document platforms input
The added description for platforms aligns with the dispatch UI schema.


47-53: Expose matrix and network outputs
Publishing matrix, TARI_NETWORK, and TARI_TARGET_NETWORK allows downstream jobs to consume dynamic build parameters.


76-82: Invoke build-matrix.sh correctly
Changing into buildtools/docker_rig before sourcing ensures the script finds its JSON definitions.


116-117: Matrix-driven runner selection
Using ${{ matrix.builds.runner }} cleanly directs jobs to the correct host per architecture.


119-121: Propagate network env vars
Setting TARI_NETWORK and TARI_TARGET_NETWORK in the job environment is correct.


129-133: Retain expiration only for non-releases
The regex and logic correctly skip setting EXPIRATION for tags.


145-150: Construct per-image tag aliases
Building TAG_ALIASQ and TAG_ALIASG with network and arch suffixes ensures unique ad-hoc tags.


219-220: Use matrix-driven Dockerfile path
Referencing ./buildtools/docker_rig/${{ matrix.builds.dockerfile }} is correct and maintains flexibility.


226-234: Pass full build arguments
Including TARI_NETWORK and TARI_TARGET_NETWORK here ensures images are configured per network.
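
Added example, not code from this PR or from CodeRabbit's review: one way to make the platforms input tolerant of both "linux/arm64, linux/amd64" and "linux/arm64,linux/amd64" while rejecting anything outside a fixed allowlist before it reaches the build matrix. The function names and the runner labels (ubuntu-latest, ubuntu-24.04-arm) are assumptions; the PR's own mapping lives in build-matrix.sh and is not shown on this page.

```shell
#!/bin/sh
# Added example: normalise and validate a comma-separated platform list
# coming from a workflow input, then emit a per-platform matrix.
# Function names and runner labels are assumptions, not taken from the PR.

# runner_for PLATFORM
# Prints the runner label for an allowlisted platform; fails on anything else.
runner_for() {
  case "$1" in
    linux/amd64) echo "ubuntu-latest" ;;       # assumed x86_64 runner label
    linux/arm64) echo "ubuntu-24.04-arm" ;;    # assumed arm64 runner label
    *) return 1 ;;
  esac
}

# normalize_platforms "linux/arm64, linux/amd64"
# Prints the canonical form "linux/arm64,linux/amd64".
# - surrounding whitespace on each entry is trimmed
# - duplicates are dropped (first occurrence wins)
# - any entry not on the allowlist makes the whole call fail
# The body runs in a subshell so IFS and 'set -f' do not leak to the caller.
normalize_platforms() (
  set -f            # no filename globbing while splitting untrusted input
  IFS=','
  out=""
  for p in $1; do
    p=$(printf '%s' "$p" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    case "$p" in
      linux/amd64|linux/arm64) ;;
      *)
        printf 'rejected platform entry: %s\n' "$p" >&2
        exit 1
        ;;
    esac
    case ",$out," in
      *",$p,"*) ;;                      # duplicate, already recorded
      *) out="${out}${out:+,}$p" ;;
    esac
  done
  [ -n "$out" ] || exit 1               # empty input is an error, not "all"
  printf '%s\n' "$out"
)

# platform_matrix "linux/arm64, linux/amd64"
# Prints a compact JSON array with one object per platform. Only allowlisted
# literals are interpolated, so no escaping of untrusted text is needed.
platform_matrix() (
  list=$(normalize_platforms "$1") || exit 1
  set -f
  IFS=','
  json=""
  for p in $list; do
    runner=$(runner_for "$p") || exit 1
    json="${json}${json:+,}{\"platform\":\"$p\",\"arch\":\"${p#linux/}\",\"runner\":\"$runner\"}"
  done
  printf '[%s]\n' "$json"
)

# Constructed sample input: the default with a space after the comma.
platform_matrix "linux/arm64, linux/amd64"
```

In a workflow step the input should reach these functions through an environment variable rather than being interpolated into the script text, so the shell never parses the raw value.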

@coderabbitai (Contributor, bot) left a comment

Actionable comments posted: 2

🧹 Nitpick comments (3)
.github/workflows/build_dockers.yml (1)

27-32: Unify platform option formatting
The option "linux/arm64,linux/amd64" (no space) conflicts with later output "linux/arm64, linux/amd64" (with space). Standardize on one format (prefer no space) to avoid parsing issues in downstream scripts.

.github/workflows/build_dockers_workflow.yml (2)

61-64: Suggest enabling strict mode in Set Matrix
Uncomment set -xuo pipefail to fail early on any script errors during matrix generation.


80-82: Quote matrix output
To handle multi-line JSON safely, consider:

echo "matrix=${matrix}" >> $GITHUB_OUTPUT

or use printf '%s' "$matrix".

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8577614 and d2264ce.

📒 Files selected for processing (4)
  • .github/workflows/build_dockers.yml (4 hunks)
  • .github/workflows/build_dockers_workflow.yml (5 hunks)
  • buildtools/docker_rig/build-matrix.sh (1 hunks)
  • buildtools/docker_rig/tor.Dockerfile (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • buildtools/docker_rig/tor.Dockerfile
  • buildtools/docker_rig/build-matrix.sh
⏰ Context from checks skipped due to timeout of 90000ms (5)
  • GitHub Check: test (mainnet, stagenet)
  • GitHub Check: test (nextnet, nextnet)
  • GitHub Check: ci
  • GitHub Check: cargo check with stable
  • GitHub Check: test (testnet, esmeralda)
🔇 Additional comments (29)
.github/workflows/build_dockers.yml (8)

14-15: Add MainNet debug nightly schedule
The new cron entry ('23 01 * * 0-5') complements the existing nightly build, targeting MainNet debug at 01:23 Sunday–Friday.


20-22: Define manual version override input
The version input description and default (latest-adhoc) are clear and appropriate.


33-41: Approve new tari_network input
The addition of the tari_network choice (esmeralda, nextnet, mainnet, igor) with a default and description aligns with the network-targeting goal.


96-97: Simplify tagged-build version
Switching from timestamp+SHA suffix to raw tag (VERSION="${{ github.ref_name }}") matches the PR summary.


113-120: Inject network selection in manual builds
Echoing tari_network=${{ github.event.inputs.tari_network }} ensures manual dispatch honors the chosen network.


121-129: Weekly schedule sets alias correctly
The weekly cron block now emits tag_alias=latest-weekly alongside platforms and network.


136-143: Special nightly CI build configured
The 23 01 * * 0-5 block correctly overrides to nightly-ci-node on MainNet with the appropriate platforms and items.


154-159: Consume new network output in builds_run
Passing tari_network (and build_items) into the downstream workflow ensures proper scoping.

.github/workflows/build_dockers_workflow.yml (21)

23-29: Approve new inputs for version, tag alias, and network targeting
The workflow_call inputs (version, tag_alias, tari_network) are well-documented and support the split-architecture build.


38-38: Document platforms input
The added description clarifies valid Docker target platforms.


50-52: Expose network outputs
Adding TARI_NETWORK and TARI_TARGET_NETWORK to builds_envs_setup outputs propagates network context downstream.


64-75: Approve version fallback logic
Extracting version from Cargo.toml (with branch and date+SHA) when no input version is provided is robust.


86-100: Declare TestNet environment
The conditional sourcing of multinet_envs.sh based on event context correctly sets both network variables.


116-120: Inject network variables into Docker builds
Mapping TARI_NETWORK and TARI_TARGET_NETWORK into the docker_builds job’s env block is essential for network-specific tagging.


174-177: Metadata images configuration
Expanding the images list to both GHCR and the provider registry covers all publish targets.


178-186: Approve tagging strategy
The docker/metadata-action tags cover scheduled, branch, PR, semver, and raw patterns as expected.


189-192: Enrich OCI labels
Additional labels (vendor, title, description, etc.) improve image metadata and traceability.


219-221: Approve dynamic Dockerfile & platform reference
Referencing matrix.builds.dockerfile and matrix.builds.platform aligns with the matrix design.


226-233: Build arguments include network settings
Passing TARI_NETWORK, TARI_TARGET_NETWORK, and other build args ensures the container respects network context.


235-240: Tag aliases are pushed correctly
Using both TAG_ALIASQ and TAG_ALIASG ensures alias tags land in both registries.


242-242: Preserve annotations
Passing annotations: ${{ steps.meta.outputs.annotations }} retains extra OCI metadata.


245-247: Log Docker digest
Printing the digest and image name aids in post-build verification.


259-261: Authenticate for multi-arch manifest
Logging in to both GHCR and the external provider is required before manifest operations.


267-281: Multi-arch image detection
Using jq to filter for images built on both amd64 and arm64 is precise.


293-302: Suffix logic for networked images
Appending -${TARI_NETWORK} only for minotari_* images is consistent with the tagging scheme.


313-321: Create multi-arch manifests
The docker manifest create --amend sequence is correct for each registry and architecture.


324-331: Alias manifest for latest tags
Conditional creation of alias manifests for latest-* builds enhances user convenience.


333-340: Release tag manifests
Automated manifest creation for version tags ensures full multi-arch releases.


342-350: Latest release alias manifest
The final aliasing step (latest-${DSUFFIX}) covers the common “latest” channel for releases.

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 4

🧹 Nitpick comments (5)
.github/workflows/build_dockers.yml (2)

14-15: Add clarity on scheduled cron triggers
The new cron at 23 01 * * 0-5 enables the MainNet Debug nightly build. Consider documenting that GitHub Actions schedules run in UTC to avoid timezone confusion.


20-27: Refine tari_network input description
The tari_network description reads "target testNet" but includes mainnet and igor. Update it to "target network" for accuracy, and ensure the wording aligns with the reusable workflow’s input.

Also applies to: 32-41

.github/workflows/build_dockers_workflow.yml (3)

23-29: Align input descriptions
The version, tag_alias, and tari_network inputs now have descriptions, but wording differs from the dispatch workflow. Standardize phrasing (e.g., "target network" vs "target testNet") and ensure both workflows use identical language.

Also applies to: 38-39


84-100: Clarify network detection logic
The set-tari-network step picks between tag-based and manual inputs. Consider adding inline comments to explain the two cases and verify multinet_envs.sh reliably sets both TARI_NETWORK and TARI_TARGET_NETWORK.


153-155: Simplify build args naming
The environment variable DOCKER_SUBTAG holds build args. For clarity, consider renaming it to DOCKER_BUILD_ARGS or document its intended use.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cf846e3 and 1624d0f.

📒 Files selected for processing (2)
  • .github/workflows/build_dockers.yml (3 hunks)
  • .github/workflows/build_dockers_workflow.yml (4 hunks)
🧰 Additional context used
🪛 actionlint (1.7.7)
.github/workflows/build_dockers_workflow.yml

138-138: property "docker_repo" is not defined in object type {actions_runner_debug: string; actions_step_debug: string; docker_password: string; docker_provider: string; docker_username: string; github_token: string}

(expression)


234-234: property "docker_repo" is not defined in object type {actions_runner_debug: string; actions_step_debug: string; docker_password: string; docker_provider: string; docker_username: string; github_token: string}

(expression)


266-266: property "docker_repo" is not defined in object type {actions_runner_debug: string; actions_step_debug: string; docker_password: string; docker_provider: string; docker_username: string; github_token: string}

(expression)

⏰ Context from checks skipped due to timeout of 90000ms (4)
  • GitHub Check: cargo check with stable
  • GitHub Check: test (mainnet, stagenet)
  • GitHub Check: test (nextnet, nextnet)
  • GitHub Check: test (testnet, esmeralda)
🔇 Additional comments (17)
.github/workflows/build_dockers.yml (7)

70-77: Confirm job renaming and new output
The builds_envs_setup job was renamed to base_builds_envs_setup and now outputs tari_network. Verify that downstream jobs and the reusable workflow (builds_run) correctly reference this new job name and output.


83-84: Review SCHEDULE env usage
Passing github.event.schedule into SCHEDULE drives the schedule‐specific logic. Confirm that github.event.schedule exists on schedule events and carries the exact cron string you expect.


96-99: Simplify version tag logic
You’ve removed the date/commit suffix from VERSION. Ensure uniqueness is still guaranteed for non‐tagged builds, or that version derivation is fully handled downstream.


104-112: Verify branch build network constraint
Branch builds now force tari_network=esmeralda. Confirm that builds on build-dockers-* and build-all-* should always target Esmeralda, or consider allowing other networks if needed.


118-118: Ensure manual network override is effective
Manual dispatch now emits tari_network. Double‐check that this propagated input is honored in all downstream steps and that the default remains appropriate.


122-129: Review scheduled build distinctions
Weekly (Sunday) and nightly builds set distinct platforms, tag_alias, and tari_network. Validate that the date +%u check (7 → weekly) vs weekdays correctly partitions the schedules.


154-159: Propagate new output to reusable workflow
The builds_run job now passes tari_network into the reusable workflow. Verify that the called workflow accepts and correctly uses this input.

.github/workflows/build_dockers_workflow.yml (10)

47-52: New outputs for network routing
You’ve exposed TARI_NETWORK and TARI_TARGET_NETWORK from builds_envs_setup. Confirm both outputs are needed and document their distinction to aid future maintainers.


77-83: Verify build-matrix script integration
Sourcing build-matrix.sh dynamically sets the matrix. Ensure the script exists at buildtools/docker_rig/, is executable, and always emits valid JSON in the matrix variable.


102-104: Dynamic matrix consumption
The docker_builds job uses the matrix from builds_envs_setup. Verify that fromJson(needs.builds_envs_setup.outputs.matrix) yields the expected structure and that matrix.builds fields (e.g., arch, image_name, dockerfile) align downstream.

Also applies to: 110-112


116-120: Propagate network environment
Injecting both TARI_NETWORK and TARI_TARGET_NETWORK into docker_builds is critical. Confirm that build arguments reference the correct variable where needed (e.g., TARI_NETWORK vs TARI_TARGET_NETWORK).


129-134: Retention policy correctness
Expiration is skipped for semver tags via regex. Ensure the pattern ^refs\/tags\/v[0-9]+\.[0-9]+\.[0-9]+.*$ covers all your release tag formats, including prereleases if intended.


142-150: Review tag alias environment variables
TAG_ALIASQ and TAG_ALIASG are composed using secrets.DOCKER_REPO. If DOCKER_REPO isn’t defined in the repo settings, this will fail at runtime. Confirm the secret exists or adjust to DOCKER_PROVIDER settings.


174-198: Validate metadata-action configuration
You’ve added conditional tag types for schedule, branch, PR, and semver. Test locally or via a dry run to confirm that only the desired tags are emitted for each event type.


218-233: Review docker/build-push-action parameters
Confirm that ${{ matrix.builds.dockerfile }} exists under buildtools/docker_rig/, and that TAG_ALIASQ/TAG_ALIASG are always set (even for non-minotari images). Validate that files, platforms, and build‐args resolve as intended.

Also applies to: 235-239


248-254: Approve multi-arch manifest job addition
The new multi-arch-create-manifest job correctly logs in and prepares for manifest creation. The approach to grouping images by arch and merging them is well-structured.


264-272: Check multi-arch image detection
The jq filter selects images that have both amd64 and arm64. When new build items are added, ensure this logic still correctly identifies multi-arch candidates.
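
The retention-policy question raised in the review above (expiration is skipped for refs matching the quoted pattern) can be checked against sample refs. This is an added example, not code from the PR; the function names and the sample refs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify git refs with the pattern quoted in the review.
# Function names and sample refs are constructed; they are not from the PR.

# Pattern exactly as quoted in the review comment ("\/" is a literal "/").
RELEASE_TAG_RE='^refs\/tags\/v[0-9]+\.[0-9]+\.[0-9]+.*$'

# Prints "keep" when the ref matches (expiration skipped), "expire" otherwise.
retention_for_ref() {
    # stderr is silenced because newer GNU grep may warn about the
    # unnecessary backslash before "/"; the match result is unaffected.
    if printf '%s\n' "$1" | grep -Eq "$RELEASE_TAG_RE" 2>/dev/null; then
        printf 'keep\n'
    else
        printf 'expire\n'
    fi
}

# Constructed sample refs, one per case worth checking:
#   plain release, prerelease, arbitrary suffix (accepted by the trailing ".*"),
#   two-component version, missing "v" prefix, branch named like a tag,
#   ordinary build branch.
classify_samples() {
    for ref in \
        refs/tags/v4.5.0 \
        refs/tags/v4.5.0-pre.0 \
        refs/tags/v4.5.0anything \
        refs/tags/v4.5 \
        refs/tags/4.5.0 \
        refs/heads/v4.5.0 \
        refs/heads/build-dockers-test
    do
        printf '%-32s %s\n' "$ref" "$(retention_for_ref "$ref")"
    done
}

classify_samples
```

The trailing `.*` is what admits prerelease tags, and it also admits any other suffix after the third numeric component, so a stricter suffix pattern is needed if only well-formed prereleases should be exempt from expiration.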

@leet4tari
Contributor Author

Build feature for cron, tags, branch and ad-hoc working as expected for all minotari and 3rd party build tools.

I believe this is ready for review and merge.

@SWvheerden SWvheerden merged commit ec525c2 into tari-project:development Jun 18, 2025
17 of 18 checks passed
sdbondi added a commit to sdbondi/tari that referenced this pull request Jun 18, 2025
* development:
  chore: new release v4.5.0-pre.0 (tari-project#7228)
  chore: better logging (tari-project#7226)
  feat!: ensure payref persists during recovery (tari-project#7225)
  chore(ci): split out amd64 and arm64 docker builds into native runners (tari-project#7206)
  fix: fix scanner service when connectivity offline (tari-project#7223)
  feat: add payref to grpc outputs (tari-project#7216)
@coderabbitai coderabbitai bot mentioned this pull request Jul 21, 2025
4 tasks