ea0d90d8f0
Add .woodpecker/pr-build.yaml: builds all three arches (dry-run, no push) on PRs and pushes to main, reporting status to Gitea. This is the gate for automerge.

renovate.json automerge rules (platformAutomerge, merged only after the PR build passes):
- tailscale stable patch AND minor
- Go/Alpine/busybox PATCH only
- base-image digest refreshes

Minor/major of build deps and tooling stay manual. Move pinDigests into a dockerfile packageRule (top-level dockerfile.* is deprecated). Document the automerge policy and its caveat (PR build proves build-only, not runtime) in DESIGN.md.
27 lines
851 B
YAML
# Build validation for pull requests (and pushes to main).
#
# Builds the full multi-arch image but does NOT push it anywhere — it only
# proves the Dockerfile still builds for every supported architecture. This is
# the gate Renovate automerge waits on: a dependency bump that breaks the build
# fails this check and will NOT be automerged (and therefore never reaches
# :stable or the routers).
#
# Reports pass/fail status back to Gitea, so it shows up as a required check on
# the PR.

when:
  - event: pull_request
  - event: push
    branch: main

steps:
  - name: Build all arches (no push)
    image: woodpeckerci/plugin-docker-buildx:5.2.2
    privileged: true
    settings:
      repo: mikrotik-tailscale
      platforms: linux/amd64,linux/arm64,linux/arm/v7
      dry-run: true
      build_args:
        - OCI_VERSION=ci-${CI_COMMIT_SHA}
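
The automerge policy from the commit message, written out as an added sketch of a renovate.json. It is not this repository's actual file: the dependency names (`tailscale/tailscale`, `golang`, `alpine`, `busybox`) and the choice of `matchDepNames` are assumptions, and anything no rule matches keeps Renovate's default of no automerge.

```json
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "platformAutomerge": true,
  "packageRules": [
    {
      "description": "Pin Dockerfile base images to digests (packageRule form, replacing top-level dockerfile.*)",
      "matchManagers": ["dockerfile"],
      "pinDigests": true
    },
    {
      "description": "tailscale: automerge patch and minor (dependency name is an assumption)",
      "matchDepNames": ["tailscale/tailscale"],
      "matchUpdateTypes": ["patch", "minor"],
      "automerge": true
    },
    {
      "description": "Go/Alpine/busybox: automerge PATCH only; minor and major stay manual (names are assumptions)",
      "matchDepNames": ["golang", "alpine", "busybox"],
      "matchUpdateTypes": ["patch"],
      "automerge": true
    },
    {
      "description": "Base-image digest refreshes under an unchanged tag",
      "matchManagers": ["dockerfile"],
      "matchUpdateTypes": ["digest"],
      "automerge": true
    }
  ]
}
```

With `platformAutomerge` the merge itself is performed by Gitea once the PR's checks pass, so the gate holds only if the pr-build status is a required check on the target branch. A green build still proves build-only, not runtime, which is why the sketch limits automerge to the narrow update types listed in the commit message.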