Skip to content

Timestamp image tagging#96

Merged
kadamidev merged 4 commits into
developfrom
ts-image-tagging
Mar 25, 2026
Merged

Timestamp image tagging#96
kadamidev merged 4 commits into
developfrom
ts-image-tagging

Conversation

@kadamidev

@kadamidev kadamidev commented Mar 24, 2026

Copy link
Copy Markdown
Contributor

for fluxcd

Summary by CodeRabbit

  • Chores
    • Build pipeline now generates an additional image tag and pushes that tag alongside existing DEV and PROD image tags.
    • Example and test environment flight service URLs updated to a new flight hostname (protocol and port unchanged).
    • Bumped an internal library dependency to a newer release candidate version.

@coderabbitai

coderabbitai Bot commented Mar 24, 2026

Copy link
Copy Markdown
📝 Walkthrough

Walkthrough

The CI workflow now generates an image tag via a new step, exposes it as jobs.build-and-push.outputs.image_tag, builds DEV and PROD images with that tag (in addition to :latest), and pushes corresponding remote tags to ECR alongside existing tags. Environment examples and a dependency version were also updated.

Changes

Cohort / File(s) Summary
CI workflow
\.github/workflows/build-dpid-resolver.yaml
Added Generate image tag step; set jobs.build-and-push.outputs.image_tag = ${{ steps.image-tag.outputs.tag }}; Docker build steps now tag DEV/PROD images with the generated tag in addition to :latest; push steps create and push remote tags using the generated image_tag alongside existing tags.
Env examples
.env.example, .env.test
Updated CERAMIC_FLIGHT_URL host from ceramic-one-dev.desci.comceramic-one-flight-dev.desci.com (keeps http://...:5102); .env.test also gained a trailing blank line.
Package metadata
package.json
Bumped @desci-labs/desci-codex-lib from ^2.0.0-rc8^2.0.0-rc9; file reformatting/whitespace and added trailing newline.

Sequence Diagram(s)

sequenceDiagram
    participant GH as GitHub Actions
    participant Tagger as Generate image tag
    participant Builder as Docker build (DEV/PROD)
    participant ECR as Amazon ECR

    GH->>Tagger: run tag generator (outputs.tag)
    Tagger-->>GH: outputs.tag (image_tag)
    GH->>Builder: build images with :latest and :${{steps.image-tag.outputs.tag}}
    Builder-->>GH: built images
    GH->>ECR: push images with :latest, :${{steps.image-tag.outputs.tag}}, :${{github.sha}}
    ECR-->>GH: stored image tags
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I found a tag and gave it a name,
Paired DEV and PROD in a tidy game,
I nudged a host, a newline too,
Bumped a lib — one small hop through,
CI hums along; I twitch my ear — hooray! 🎋

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'Timestamp image tagging' directly matches the main change in the changeset: adding timestamped image tags to the Docker build and push workflow in .github/workflows/build-dpid-resolver.yaml.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch ts-image-tagging

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
.github/workflows/build-dpid-resolver.yaml (1)

43-45: Quote the SHA variable for shell safety.

While github.sha is GitHub-controlled and safe, quoting variables is a good practice to prevent issues with unexpected characters in other contexts.

💡 Suggested improvement
            - name: Generate image tag
              id: image-tag
-              run: echo "tag=$(echo ${{ github.sha }} | cut -c1-7)-$(date +%s)" >> $GITHUB_OUTPUT
+              run: echo "tag=$(echo '${{ github.sha }}' | cut -c1-7)-$(date +%s)" >> $GITHUB_OUTPUT
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-dpid-resolver.yaml around lines 43 - 45, In the
"Generate image tag" step (id: image-tag) the unquoted github.sha expansion is
used; update the run line to quote the SHA when piping to cut and when embedding
into the tag (i.e., use a quoted "${{ github.sha }}" in the inner echo and
ensure the final tag assignment is quoted) so the value is shell-safe and robust
against any unexpected characters.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/build-dpid-resolver.yaml:
- Line 79: The workflow currently builds images tagged with ${{
steps.image-tag.outputs.tag }} (via CONTAINER_IMAGE-dev:${{
steps.image-tag.outputs.tag }} and CONTAINER_IMAGE-prod:${{
steps.image-tag.outputs.tag }}) but the ECR push steps only push the
${GITHUB_SHA} and latest tags; update both the DEV and PROD push steps to also
push the generated timestamp tag from steps.image-tag.outputs.tag. Specifically,
in the push commands for the dev image (referencing CONTAINER_IMAGE-dev) and the
prod image (CONTAINER_IMAGE-prod), add the additional tag push using the same
${{ steps.image-tag.outputs.tag }} value so ECR receives the timestamp tag for
FluxCD to consume.

---

Nitpick comments:
In @.github/workflows/build-dpid-resolver.yaml:
- Around line 43-45: In the "Generate image tag" step (id: image-tag) the
unquoted github.sha expansion is used; update the run line to quote the SHA when
piping to cut and when embedding into the tag (i.e., use a quoted "${{
github.sha }}" in the inner echo and ensure the final tag assignment is quoted)
so the value is shell-safe and robust against any unexpected characters.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ac0d69df-c89d-481f-ae0d-2747e11d1950

📥 Commits

Reviewing files that changed from the base of the PR and between 8a359c6 and da5866f.

📒 Files selected for processing (1)
  • .github/workflows/build-dpid-resolver.yaml

Comment thread .github/workflows/build-dpid-resolver.yaml

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.env.example (1)

35-35: ⚠️ Potential issue | 🟡 Minor

Update commented staging and production FlightSQL endpoints for consistency.

The active dev configuration was updated to use HTTPS and the new hostname (https://ceramic-one-flight-dev.desci.com), but the commented staging (line 35) and production (line 42) sections still reference the old HTTP endpoint format (http://ceramic-one-prod.desci.com:5102).

Update these commented sections to maintain consistency and prevent confusion if developers uncomment them.

📝 Proposed fix for consistency
 # DPID_ENV=staging
 # OPTIMISM_RPC_URL=https://reverse-proxy-staging.desci.com/rpc_opt_sepolia
 # CERAMIC_URL=https://ceramic-prod.desci.com
 # IPFS_GATEWAY=https://ipfs.desci.com/ipfs
-# CERAMIC_FLIGHT_URL=http://ceramic-one-prod.desci.com:5102
+# CERAMIC_FLIGHT_URL=https://ceramic-one-flight-prod.desci.com

 # Prod
 # DPID_ENV=production
 # OPTIMISM_RPC_URL=https://reverse-proxy-prod.desci.com/rpc_opt_sepolia
 # CERAMIC_URL=https://ceramic-prod.desci.com
 # IPFS_GATEWAY=https://ipfs.desci.com/ipfs
-# CERAMIC_FLIGHT_URL=http://ceramic-one-prod.desci.com:5102
+# CERAMIC_FLIGHT_URL=https://ceramic-one-flight-prod.desci.com

Also applies to: 42-42

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.env.example at line 35, Update the commented CERAMIC_FLIGHT_URL entries for
staging and production to match the dev pattern (use HTTPS and the new
"ceramic-one-flight-..." hostnames); locate the commented CERAMIC_FLIGHT_URL
lines for staging and production and replace the old
"http://ceramic-one-prod.desci.com:5102" style values with the HTTPS variants
using "ceramic-one-flight-staging.desci.com" and
"ceramic-one-flight-prod.desci.com" respectively so the commented examples are
consistent with the active dev setting.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In @.env.example:
- Line 35: Update the commented CERAMIC_FLIGHT_URL entries for staging and
production to match the dev pattern (use HTTPS and the new
"ceramic-one-flight-..." hostnames); locate the commented CERAMIC_FLIGHT_URL
lines for staging and production and replace the old
"http://ceramic-one-prod.desci.com:5102" style values with the HTTPS variants
using "ceramic-one-flight-staging.desci.com" and
"ceramic-one-flight-prod.desci.com" respectively so the commented examples are
consistent with the active dev setting.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c344971f-6249-404a-a3a7-b6139b90b8ef

📥 Commits

Reviewing files that changed from the base of the PR and between da5866f and 3ed02e4.

📒 Files selected for processing (3)
  • .env.example
  • .env.test
  • .github/workflows/build-dpid-resolver.yaml

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (2)
.env.test (1)

9-9: Reorder env keys to satisfy dotenv-linter

At Line 9, CERAMIC_FLIGHT_URL should be placed before CERAMIC_URL to clear the reported UnorderedKey warning and avoid lint noise/failures.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.env.test at line 9, Reorder the environment variable keys so
dotenv-linter's alphabetical order is satisfied: move CERAMIC_FLIGHT_URL to
appear before CERAMIC_URL in the .env.test file; ensure the two keys
(CERAMIC_FLIGHT_URL and CERAMIC_URL) are in correct ascending order relative to
surrounding entries to clear the UnorderedKey warning.
.env.example (1)

24-24: Keep key ordering consistent with dotenv-linter

At Line 24, place CERAMIC_FLIGHT_URL above CERAMIC_URL in this section to resolve the UnorderedKey warning.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.env.example at line 24, Reorder the keys in .env.example to satisfy
dotenv-linter by moving CERAMIC_FLIGHT_URL so it appears above CERAMIC_URL in
that section; locate the lines containing CERAMIC_FLIGHT_URL and CERAMIC_URL and
swap their positions so the file key ordering matches the linter's expected
alphabetical/section order.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.env.example:
- Line 24: Reorder the keys in .env.example to satisfy dotenv-linter by moving
CERAMIC_FLIGHT_URL so it appears above CERAMIC_URL in that section; locate the
lines containing CERAMIC_FLIGHT_URL and CERAMIC_URL and swap their positions so
the file key ordering matches the linter's expected alphabetical/section order.

In @.env.test:
- Line 9: Reorder the environment variable keys so dotenv-linter's alphabetical
order is satisfied: move CERAMIC_FLIGHT_URL to appear before CERAMIC_URL in the
.env.test file; ensure the two keys (CERAMIC_FLIGHT_URL and CERAMIC_URL) are in
correct ascending order relative to surrounding entries to clear the
UnorderedKey warning.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0b2c32b6-ea2d-410c-a122-294c078eedbf

📥 Commits

Reviewing files that changed from the base of the PR and between 3ed02e4 and d57ad91.

⛔ Files ignored due to path filters (2)
  • package-lock.json is excluded by !**/package-lock.json
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (3)
  • .env.example
  • .env.test
  • package.json

@kadamidev kadamidev merged commit 830e298 into develop Mar 25, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant