
[BRE-1907] Add artifact manifest to build.yml#7920

Open
gitclonebrian wants to merge 2 commits into main from BRE-1907/add-artifact-manifest-to-build

@gitclonebrian gitclonebrian commented Jul 2, 2026

Contributor

🎟️ Tracking

BRE-1907

📔 Objective

This PR is one of 3 across the server, deploy, and devops repos. The overall goal of these is to provide the final deployment workflow in devops with the SHAs of the images that need to be deployed. The current logic uses image tags in the deploy workflow, which are mutable. Deploying using the immutable SHAs from the build step ensures the intended images are deployed.

This PR adds steps to .github/workflows/build.yml that build and upload a manifest as an artifact to the run. The manifest contains digests of all the container images built in the run so that downstream workflows can use a given build.yml run's ID as a key to retrieve and deploy the exact images built in that run. The manifest follows the standard outlined in this action.

…for the image built in that step. added a final job to aggregate the fragments into a final manifest
@gitclonebrian gitclonebrian changed the title from "BRE-1907/Add artifact manifest to build.yml" to "[BRE-1907] Add artifact manifest to build.yml" Jul 2, 2026
@gitclonebrian gitclonebrian added the hold Hold this PR or item until later; DO NOT MERGE label Jul 2, 2026

codecov Bot commented Jul 2, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 61.35%. Comparing base (e899a9c) to head (56a0603).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #7920      +/-   ##
==========================================
- Coverage   61.35%   61.35%   -0.01%     
==========================================
  Files        2236     2236              
  Lines       98547    98547              
  Branches     8911     8911              
==========================================
- Hits        60468    60463       -5     
  Misses      35943    35943              
- Partials     2136     2141       +5     


@gitclonebrian gitclonebrian added the t:ci Change Type - Updates to automated workflows label Jul 2, 2026
@gitclonebrian gitclonebrian marked this pull request as ready for review July 2, 2026 21:55
@gitclonebrian gitclonebrian requested a review from a team as a code owner July 2, 2026 21:55
@gitclonebrian gitclonebrian requested a review from dereknance July 2, 2026 21:55

github-actions Bot commented Jul 2, 2026

Contributor

🤖 Bitwarden Claude Code Review

Overall Assessment: APPROVE

This PR adds an image manifest to .github/workflows/build.yml. Each matrix leg of build-artifacts now emits a per-image JSON fragment (name, registry, image, tag, digest) and uploads it as an artifact; a new image-manifest job downloads all fragments, combines them with jq, and publishes an aggregate manifest via bitwarden/gh-actions/artifact-manifest. The trigger-k8s-deploy job gains a dependency on image-manifest so deploys can key off immutable digests. New third-party actions are SHA-pinned, and the bitwarden/gh-actions/*@main reference matches the existing convention in this file.

Code Review Details

No blocking findings. The fragment filenames are keyed on unique project names (safe under merge-multiple: true), the combine step is guarded upstream by if-no-files-found: error plus the needs: build-artifacts success requirement, and _AZ_REGISTRY resolves from the workflow-level env. Note the hold label is applied — this is one of three coordinated PRs (server/deploy/devops) and should not merge until the others are ready.
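
The fragment-and-aggregate flow summarized in the review comment above, sketched as an added example that is not part of this PR or the repository's workflow. The fragment field names come from the review summary; the aggregate layout (an `images` list), the function names, and the sample registry, project names and digests are assumptions constructed for illustration.

```python
import json
import re

# Fragment fields (name, registry, image, tag, digest) come from the review
# summary; the aggregate layout below is an assumption, not the action's schema.
REQUIRED = ("name", "registry", "image", "tag", "digest")
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")


def combine_fragments(fragment_texts):
    """Merge per-image JSON fragments into one manifest keyed by project name."""
    images = {}
    for text in fragment_texts:
        frag = json.loads(text)
        missing = [k for k in REQUIRED if not frag.get(k)]
        if missing:
            raise ValueError(f"fragment missing fields: {missing}")
        if not DIGEST_RE.fullmatch(frag["digest"]):
            raise ValueError(f"{frag['name']}: not a sha256 digest: {frag['digest']!r}")
        if frag["name"] in images:
            # Two matrix legs writing the same name would silently overwrite
            # each other when artifacts are merged; fail instead.
            raise ValueError(f"duplicate fragment for {frag['name']}")
        images[frag["name"]] = frag
    if not images:
        raise ValueError("no fragments found")
    return {"images": [images[n] for n in sorted(images)]}


def pinned_refs(manifest):
    """Return deployable references that ignore the mutable tag entirely."""
    return {
        img["name"]: f"{img['registry']}/{img['image']}@{img['digest']}"
        for img in manifest["images"]
    }


# Constructed sample fragments (registry, names and digests are placeholders).
SAMPLE_FRAGMENTS = [
    json.dumps({"name": "Api", "registry": "registry.example.test",
                "image": "api", "tag": "dev", "digest": "sha256:" + "a" * 64}),
    json.dumps({"name": "Identity", "registry": "registry.example.test",
                "image": "identity", "tag": "dev", "digest": "sha256:" + "b" * 64}),
]

if __name__ == "__main__":
    print(json.dumps(pinned_refs(combine_fragments(SAMPLE_FRAGMENTS)), indent=2))
```

A deploy step consuming `pinned_refs` never resolves the `tag` field, so a tag moved after the build run cannot change which image is pulled.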
