From b15537c62b8d951181e88fb867f1167d0525424a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Sun, 11 Jan 2026 10:34:21 +0100 Subject: [PATCH 1/5] ci: centralize BUILDBOT_VERSION in a shared file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Move the buildbot version from duplicate workflow env blocks to a single .github/buildbot-version file. Signed-off-by: Petr Štetiar --- .github/buildbot-version | 1 + .github/workflows/build-push.yml | 3 ++- .github/workflows/cleanup-pr-containers.yml | 9 ++++++--- 3 files changed, 9 insertions(+), 4 deletions(-) create mode 100644 .github/buildbot-version diff --git a/.github/buildbot-version b/.github/buildbot-version new file mode 100644 index 0000000..b6d8b76 --- /dev/null +++ b/.github/buildbot-version @@ -0,0 +1 @@ +3.11.8 diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 31f3920..84004b9 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -14,7 +14,6 @@ on: type: number env: - BUILDBOT_VERSION: 3.11.8 GITHUB_SHA_LEN: 8 concurrency: @@ -77,6 +76,7 @@ jobs: - name: Environment variables run: | + echo "BUILDBOT_VERSION=$(cat .github/buildbot-version)" >> $GITHUB_ENV echo "GIT_SHA_SHORT=${GITHUB_SHA::${{ env.GITHUB_SHA_LEN }}}" >> $GITHUB_ENV - name: Build container and export it to local Docker @@ -121,6 +121,7 @@ jobs: - name: Environment variables run: | + echo "BUILDBOT_VERSION=$(cat .github/buildbot-version)" >> $GITHUB_ENV echo "GIT_SHA_SHORT=${GITHUB_SHA::${{ env.GITHUB_SHA_LEN }}}" >> $GITHUB_ENV - name: Docker meta diff --git a/.github/workflows/cleanup-pr-containers.yml b/.github/workflows/cleanup-pr-containers.yml index 073b4b8..ddef073 100644 --- a/.github/workflows/cleanup-pr-containers.yml +++ b/.github/workflows/cleanup-pr-containers.yml @@ -4,9 +4,6 @@ on: pull_request: types: [closed] -env: - BUILDBOT_VERSION: 3.11.8 - jobs: cleanup: name: Delete PR container images @@ -21,6 +18,12 @@ jobs: - worker steps: + - name: Checkout + uses: actions/checkout@v5 + + - name: Read Buildbot version + run: echo "BUILDBOT_VERSION=$(cat .github/buildbot-version)" >> $GITHUB_ENV + - name: Delete PR container image uses: actions/delete-package-versions@v5 with: From 5cc2a73331ccd72b5d7acf8581cdc2a5fab06863 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Sun, 11 Jan 2026 14:26:09 +0100 Subject: [PATCH 2/5] ci: add container version tag to BUILDWORKER_DESCRIPTION MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add CONTAINER_TAG build argument to indicate whether the container was built from a tag (v25), PR (pr-73), or branch (main). This makes it easier to identify which version of the container is running. While at it, drop Docker prefix to make it shorter. Signed-off-by: Petr Štetiar --- .github/workflows/build-push.yml | 20 ++++++++++++++++++-- docker/buildworker/Dockerfile | 3 ++- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 84004b9..2c5a717 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -77,7 +77,14 @@ jobs: - name: Environment variables run: | echo "BUILDBOT_VERSION=$(cat .github/buildbot-version)" >> $GITHUB_ENV - echo "GIT_SHA_SHORT=${GITHUB_SHA::${{ env.GITHUB_SHA_LEN }}}" >> $GITHUB_ENV + echo "GIT_SHA_SHORT=$(git rev-parse --short=${{ env.GITHUB_SHA_LEN }} HEAD)" >> $GITHUB_ENV + if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then + echo "CONTAINER_TAG=pr-${{ inputs.pr_number }}" >> $GITHUB_ENV + elif [ "${{ startsWith(github.ref, 'refs/tags/') }}" = "true" ]; then + echo "CONTAINER_TAG=${{ github.ref_name }}" >> $GITHUB_ENV + else + echo "CONTAINER_TAG=${{ github.ref_name }}" >> $GITHUB_ENV + fi - name: Build container and export it to local Docker uses: docker/build-push-action@v6 @@ -88,6 +95,7 @@ jobs: build-args: | BUILDBOT_VERSION=${{ env.BUILDBOT_VERSION }} OPENWRT_VERSION=${{ env.GIT_SHA_SHORT }} + CONTAINER_TAG=${{ env.CONTAINER_TAG }} - name: Test ${{ matrix.container_flavor }} Docker container run: | @@ -122,7 +130,14 @@ jobs: - name: Environment variables run: | echo "BUILDBOT_VERSION=$(cat .github/buildbot-version)" >> $GITHUB_ENV - echo "GIT_SHA_SHORT=${GITHUB_SHA::${{ env.GITHUB_SHA_LEN }}}" >> $GITHUB_ENV + echo "GIT_SHA_SHORT=$(git rev-parse --short=${{ env.GITHUB_SHA_LEN }} HEAD)" >> $GITHUB_ENV + if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then + echo "CONTAINER_TAG=pr-${{ inputs.pr_number }}" >> $GITHUB_ENV + elif [ "${{ startsWith(github.ref, 'refs/tags/') }}" = "true" ]; then + echo "CONTAINER_TAG=${{ github.ref_name }}" >> $GITHUB_ENV + else + echo "CONTAINER_TAG=${{ github.ref_name }}" >> $GITHUB_ENV + fi - name: Docker meta id: meta @@ -152,3 +167,4 @@ jobs: build-args: | BUILDBOT_VERSION=${{ env.BUILDBOT_VERSION }} OPENWRT_VERSION=${{ env.GIT_SHA_SHORT }} + CONTAINER_TAG=${{ env.CONTAINER_TAG }} diff --git a/docker/buildworker/Dockerfile b/docker/buildworker/Dockerfile index 1637a6b..3929170 100644 --- a/docker/buildworker/Dockerfile +++ b/docker/buildworker/Dockerfile @@ -4,10 +4,11 @@ LABEL maintainer="OpenWrt Maintainers" ARG DEBIAN_FRONTEND=noninteractive ARG BUILDBOT_VERSION=2.10.1 ARG OPENWRT_VERSION=unknown +ARG CONTAINER_TAG=unknown ENV BUILDWORKER_MASTER=builds.openwrt.org:9990 ENV BUILDWORKER_ADMIN=contact@openwrt.org -ENV BUILDWORKER_DESCRIPTION="Docker Container https://git.openwrt.org/$OPENWRT_VERSION" +ENV BUILDWORKER_DESCRIPTION="Container ($CONTAINER_TAG) https://git.openwrt.org/$OPENWRT_VERSION" USER root From 61c35ecb418124b342da8db31b8d95e69bb30613 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Sun, 11 Jan 2026 15:13:12 +0100 Subject: [PATCH 3/5] ci: rename OPENWRT_VERSION to BUILDBOT_CONFIG_SHA MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The old name was misleading as it suggested an OpenWrt release version. The variable holds the git SHA of this buildbot config repository, used for quick URL links to the configuration commit. Signed-off-by: Petr Štetiar --- .github/workflows/build-push.yml | 4 ++-- docker/buildmaster/Dockerfile | 4 ++-- docker/buildworker/Dockerfile | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 2c5a717..ee9ec49 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -94,7 +94,7 @@ jobs: file: docker/build${{ matrix.container_flavor }}/Dockerfile build-args: | BUILDBOT_VERSION=${{ env.BUILDBOT_VERSION }} - OPENWRT_VERSION=${{ env.GIT_SHA_SHORT }} + BUILDBOT_CONFIG_SHA=${{ env.GIT_SHA_SHORT }} CONTAINER_TAG=${{ env.CONTAINER_TAG }} - name: Test ${{ matrix.container_flavor }} Docker container @@ -166,5 +166,5 @@ jobs: file: docker/build${{ matrix.container_flavor }}/Dockerfile build-args: | BUILDBOT_VERSION=${{ env.BUILDBOT_VERSION }} - OPENWRT_VERSION=${{ env.GIT_SHA_SHORT }} + BUILDBOT_CONFIG_SHA=${{ env.GIT_SHA_SHORT }} CONTAINER_TAG=${{ env.CONTAINER_TAG }} diff --git a/docker/buildmaster/Dockerfile b/docker/buildmaster/Dockerfile index 15899fd..9250e45 100644 --- a/docker/buildmaster/Dockerfile +++ b/docker/buildmaster/Dockerfile @@ -28,7 +28,7 @@ LABEL maintainer="OpenWrt Maintainers" ARG DEBIAN_FRONTEND=noninteractive ARG BUILDBOT_VERSION=2.10.1 -ARG OPENWRT_VERSION=unknown +ARG BUILDBOT_CONFIG_SHA=unknown ENV BUILDMASTER_CONFIG=config.ini ENV BUILDMASTER_PHASE=1 @@ -74,7 +74,7 @@ RUN \ RUN \ sed -i \ - "s;\"col-sm-12\">
    • OpenWrt version: $OPENWRT_VERSION
        • OpenWrt buildbot config: $BUILDBOT_CONFIG_SHA
        • Date: Sun, 11 Jan 2026 21:51:36 +0100 Subject: [PATCH 4/5] ci: avoid branch tags on workflow_dispatch MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently workflow_dispatch pushes branch tags, so lets fix it by disabling branch tagging for dispatch runs. Signed-off-by: Petr Štetiar --- .github/workflows/build-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index ee9ec49..63f666a 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -146,7 +146,7 @@ jobs: images: ghcr.io/${{ github.repository }}/build${{ matrix.container_flavor }}-v${{ env.BUILDBOT_VERSION }} tags: | type=raw,value=pr-${{ inputs.pr_number }},enable=${{ github.event_name == 'workflow_dispatch' }} - type=ref,event=branch + type=ref,event=branch,enable=${{ github.event_name != 'workflow_dispatch' }} type=sha,prefix=sha-,enable=${{ github.event_name != 'workflow_dispatch' }} type=semver,pattern={{version}} From f92acc64dc01107a72505c2e6a9a8104f36baeca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Sun, 11 Jan 2026 22:51:05 +0100 Subject: [PATCH 5/5] ci: fix workflow_dispatch on PRs by using local context for docker buildx MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Without explicit context, docker/build-push-action defaults to fetching from the GitHub repository using github.sha as the ref. For workflow_dispatch events, github.sha points to the default branch (main), not the checked-out PR ref. This caused PR container builds to contain main branch code instead of the PR changes. With `context: .` makes Docker build uses the locally checked-out files from refs/pull/{N}/merge. The issue was identified by inspecting the workflow run logs which showed: docker buildx build ... https://github.com/openwrt/buildbot.git#93918cc2e2257ae8838166d2baad30617295df4e The #93918cc2... ref at the end is the main branch SHA, not the PR merge commit. This is the default behavior when context is not specified - the action uses ${{ github.server_url }}/${{ github.repository }}.git#${{ github.sha }} Signed-off-by: Petr Štetiar --- .github/workflows/build-push.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 63f666a..c9f07c6 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -89,6 +89,7 @@ jobs: - name: Build container and export it to local Docker uses: docker/build-push-action@v6 with: + context: . load: true tags: local/${{ matrix.container_flavor }} file: docker/build${{ matrix.container_flavor }}/Dockerfile @@ -160,6 +161,7 @@ jobs: - name: Build container again and push it uses: docker/build-push-action@v6 with: + context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }}