Skip to content

ci(publish): dispatch full image-lane smoke after GHCR push#18

Draft
PipDscvr wants to merge 1 commit into
mainfrom
feat/dispatch-image-smoke-post-publish
Draft

ci(publish): dispatch full image-lane smoke after GHCR push#18
PipDscvr wants to merge 1 commit into
mainfrom
feat/dispatch-image-smoke-post-publish

Conversation

@PipDscvr
Copy link
Copy Markdown

@PipDscvr PipDscvr commented May 22, 2026

Summary

After publish-core-docker.yml pushes a new GHCR tag, this dispatches a repository_dispatch: core-image-published event so a downstream environment can run the full release-required integration suite against the just-pushed image. Adds coverage for MCP, framework adapters, host-tools E2E, hygiene, and docs-contract on top of the existing in-workflow ingest/search smoke.

Fires only after a fresh push (retag_latest_only=false); a retag of an already-validated digest is skipped.

Wiring

The downstream listener and its preflight live elsewhere; this PR is the sender only. Repository configuration required before the dispatch can succeed:

  • Secret IMAGE_SMOKE_DISPATCH_TOKEN — fine-grained PAT with actions: write on the target repo.
  • Variable IMAGE_SMOKE_REPOowner/name of the listener.

The workflow file does not hardcode either value; both are pulled from repo settings. If either is unset the step exits non-zero with a clear error so a missed dispatch is loud, not silent.

Payload

event_type: core-image-published
client_payload:
  core_version: <x.y.z>
  image_ref:    ghcr.io/atomicstrata/atomicmemory-core:<x.y.z>
  image_digest: sha256:...

The digest is read from docker manifest inspect after the push so the listener can pin to a specific image content if it wants to.

Test plan

  • pnpm run repo-hygiene passes.
  • pnpm run security-compliance passes.
  • Workflow YAML parses cleanly with the new step appended at the end.
  • First publish after merge dispatches successfully (visible in repo Actions → workflow runs).
  • Listener receives the event and the full smoke runs against the new image.

@PipDscvr
ci(publish): dispatch full image-lane smoke after GHCR push
566a690 
After the publish job pushes a new GHCR tag, dispatch a
repository_dispatch event so the integration smoke environment can run
the full release-required suite against the just-pushed image. The
existing in-workflow smoke only covers ingest/search; the dispatched
suite adds MCP, framework adapters, host-tools E2E, hygiene, and
docs-contract coverage.

The dispatch target and PAT are sourced from repository
variables/secrets (IMAGE_SMOKE_REPO + IMAGE_SMOKE_DISPATCH_TOKEN) so
this workflow file does not hardcode an internal repository name.
Fails closed when either is unset.

Fires only after a fresh push (retag_latest_only=false) so a retag of
an already-validated digest does not burn CI cycles.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@PipDscvr