Skip to content

[ci] Fix deploy workflow #3044

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
VietND96 merged 1 commit into from
Dec 11, 2025
Merged

[ci] Fix deploy workflow #3044

VietND96 merged 1 commit into from
Dec 11, 2025

Conversation

@VietND96
Copy link
Member

@VietND96 VietND96 commented Dec 11, 2025
edited by qodo-code-review bot
Loading

User description

Thanks for contributing to the Docker-Selenium project!
A PR well described will help maintainers to quickly review and merge it

Before submitting your PR, please check our contributing guidelines, applied for this repository.
Avoid large PRs, help reviewers by making them as simple and short as possible.

Description

Motivation and Context

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist

  • I have read the contributing document.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

PR Type

Bug fix

Description

  • Remove continue_on_error: true from retry actions in CI workflows

  • Add --format table flag to docker images commands in Makefile

  • Ensures proper error handling in deployment workflow steps

  • Fixes docker image validation output parsing

Diagram Walkthrough

flowchart LR
  A["CI Workflows"] -->|Remove continue_on_error| B["Proper Error Handling"]
  C["Makefile release target"] -->|Add --format table| D["Fixed Image Validation"]
  B --> E["Improved Reliability"]
  D --> E
Loading

File Walkthrough
Relevant files
Bug fix
build-ffmpeg.yml
Remove continue_on_error from ffmpeg deploy step                 

.github/workflows/build-ffmpeg.yml

  • Removed continue_on_error: true from the Deploy new images step
  • Allows the retry action to properly fail on errors instead of silently
    continuing
 +0/-1     
deploy.yml
Remove continue_on_error from multiple deploy steps           

.github/workflows/deploy.yml

  • Removed continue_on_error: true from three deploy steps: Deploy new
    images, Deploy latest tag, and Tag browser images
  • Ensures proper error propagation and workflow failure on deployment
    issues
 +0/-3     
Makefile
Add format table flag to docker images commands                   

Makefile

  • Added --format table flag to all 24 docker images command invocations
    in the release target
  • Ensures consistent output format for proper parsing by awk in image
    validation checks
  • Fixes potential issues with docker image version verification before
    release
 +22/-22 

@VietND96
[ci] Fix deploy workflow
501c94c 
Signed-off-by: Viet Nguyen Duc <[email protected]>
@VietND96 VietND96 merged commit 39657bc into trunk Dec 11, 2025
2 checks passed
@VietND96 VietND96 deleted the ci-deploy branch December 11, 2025 16:37
@qodo-code-review
Copy link
Contributor

qodo-code-review bot commented Dec 11, 2025

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
  • Create ticket/issue
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
Operational Logging: The changes affect CI/CD deployment steps but do not introduce or modify application audit
logging, so their impact on audit trails cannot be determined from this diff.

Referred Code 
    DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}}
- name: Deploy new images
  if: github.event.inputs.skip-build-push-image != 'true'
  uses: nick-invision/retry@master
  with:
    timeout_minutes: 20
    max_attempts: 5
    retry_wait_seconds: 300
    command: VERSION="${GRID_VERSION}" BUILD_DATE=${BUILD_DATE} make release
- name: Tag images as latest
  if: github.event.inputs.skip-build-push-image != 'true'
  run: VERSION="${GRID_VERSION}" BUILD_DATE=${BUILD_DATE} make tag_latest
- name: Deploy latest tag
  if: github.event.inputs.skip-build-push-image != 'true'
  uses: nick-invision/retry@master
  with:
    timeout_minutes: 20
    max_attempts: 5
    retry_wait_seconds: 300
    command: VERSION="${GRID_VERSION}" BUILD_DATE=${BUILD_DATE} make release_latest
- name: Update package versions


 ... (clipped 12 lines)

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status:
Log Sensitivity: The added shell checks echo build guidance and parse docker image tags but do not reveal
whether sensitive data may be logged elsewhere; no sensitive data exposure is evident in
the new lines.

Referred Code 
release: tag_major_minor release_grid_scaler
	@if ! docker images --format table $(NAME)/base | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/base version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
	@if ! docker images --format table $(NAME)/hub | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/hub version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
	@if ! docker images --format table $(NAME)/distributor | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/distributor version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
	@if ! docker images --format table $(NAME)/router | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/router version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
	@if ! docker images --format table $(NAME)/sessions | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/sessions version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
	@if ! docker images --format table $(NAME)/session-queue | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/session-queue version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
	@if ! docker images --format table $(NAME)/event-bus | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/event-bus version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
	@if ! docker images --format table $(NAME)/node-base | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/node-base version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
	@if ! docker images --format table $(NAME)/node-chrome | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/node-chrome version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
	@if ! docker images --format table $(NAME)/node-chromium | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/node-chromium version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
	@if ! docker images --format table $(NAME)/node-chrome-for-testing | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/node-chrome-for-testing version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
	@if ! docker images --format table $(NAME)/node-edge | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/node-edge version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
	@if ! docker images --format table $(NAME)/node-firefox | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/node-firefox version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
	@if ! docker images --format table $(NAME)/node-docker | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/node-docker version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
	@if ! docker images --format table $(NAME)/node-all-browsers | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/node-all-browsers version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
	@if ! docker images --format table $(NAME)/standalone-chrome | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/standalone-chrome version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
	@if ! docker images --format table $(NAME)/standalone-chromium | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/standalone-chromium version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
	@if ! docker images --format table $(NAME)/standalone-chrome-for-testing | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/standalone-chrome-for-testing version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
	@if ! docker images --format table $(NAME)/standalone-edge | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/standalone-edge version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
	@if ! docker images --format table $(NAME)/standalone-firefox | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/standalone-firefox version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi


 ... (clipped 3 lines)

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
Env Handling: The workflow uses environment variables like GRID_VERSION and BUILD_DATE in shell
commands; no direct validation is added here, but assessing overall input validation
requires broader context beyond this diff.

Referred Code 
          command: VERSION="${GRID_VERSION}" BUILD_DATE=${BUILD_DATE} make release
      - name: Tag images as latest
        if: github.event.inputs.skip-build-push-image != 'true'
        run: VERSION="${GRID_VERSION}" BUILD_DATE=${BUILD_DATE} make tag_latest
      - name: Deploy latest tag
        if: github.event.inputs.skip-build-push-image != 'true'
        uses: nick-invision/retry@master
        with:
          timeout_minutes: 20
          max_attempts: 5
          retry_wait_seconds: 300
          command: VERSION="${GRID_VERSION}" BUILD_DATE=${BUILD_DATE} make release_latest
      - name: Update package versions
        run: make update_browser_versions_matrix
#          make generate_latest_sbom

Learn more about managing compliance generic rules or creating your own custom rules
Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-code-review
Copy link
Contributor

qodo-code-review bot commented Dec 11, 2025

PR Code Suggestions ✨

Explore these optional code suggestions:

CategorySuggestion                                                                                                                                    Impact
General
Use a more robust image check

Refactor the Docker image existence checks to use the more robust docker image
inspect command and consolidate the repeated checks into a single loop to
improve readability and maintainability.

Makefile [651-673]

+GRID_IMAGES_TO_CHECK := base hub distributor router sessions session-queue event-bus node-base node-chrome node-chromium node-chrome-for-testing node-edge node-firefox node-docker node-all-browsers standalone-chrome standalone-chromium standalone-chrome-for-testing standalone-edge standalone-firefox standalone-docker standalone-all-browsers
+
 release: tag_major_minor release_grid_scaler
-	@if ! docker images --format table $(NAME)/base | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/base version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/hub | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/hub version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/distributor | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/distributor version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/router | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/router version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/sessions | awk '{ print $$2 }'' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/sessions version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/session-queue | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/session-queue version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/event-bus | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/event-bus version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/node-base | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/node-base version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/node-chrome | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/node-chrome version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/node-chromium | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/node-chromium version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/node-chrome-for-testing | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/node-chrome-for-testing version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/node-edge | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/node-edge version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/node-firefox | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/node-firefox version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/node-docker | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/node-docker version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/node-all-browsers | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/node-all-browsers version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/standalone-chrome | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/standalone-chrome version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/standalone-chromium | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/standalone-chromium version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/standalone-chrome-for-testing | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/standalone-chrome-for-testing version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/standalone-edge | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/standalone-edge version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/standalone-firefox | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/standalone-firefox version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/standalone-docker | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/standalone-docker version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! docker images --format table $(NAME)/standalone-all-browsers | awk '{ print $$2 }' | grep -q -F $(TAG_VERSION); then echo "$(NAME)/standalone-all-browsers version $(TAG_VERSION) is not yet built. Please run 'make build'"; false; fi
+	@for image in $(GRID_IMAGES_TO_CHECK); do \
+	  if ! docker image inspect $(NAME)/$$image:$(TAG_VERSION) >/dev/null 2>&1; then \
+	    echo "$(NAME)/$$image version $(TAG_VERSION) is not yet built. Please run 'make build'"; \
+	    exit 1; \
+	  fi; \
+	done
  • Apply / Chat
Suggestion importance[1-10]: 7

__

Why: The suggestion provides a more robust and maintainable solution by using docker image inspect instead of parsing docker images output, and by consolidating repetitive checks into a loop.

Medium
  • More

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Review effort 2/5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@VietND96