Fix red CI: lowercase GHCR tags; stop gating release check on local Tier A#6
Merged
Merged
Conversation
…ier A
Three workflows were failing on main.
Build GeneCluster runner image / Build GeneCluster Superpowers image:
Both derived IMAGE_NAME from ${{ github.repository_owner }} ("BioSymphony"),
producing tags like ghcr.io/BioSymphony/... which GHCR rejects with
"repository name must be lowercase". Compute IMAGE_NAME in a new
"Normalize image name" step via ${OWNER,,}, and lowercase the Superpowers
DEFAULT_BASE_IMAGE owner the same way so it can pull the runner base image.
Public release check (runs on every push + PR):
make public-audit -> capability ran capability_probe.py, which exits 1
unless Tier A local tooling (PyMOL/ChimeraX GUIs, conda, the ValarTTS
server on :8787) is present. A hosted runner never has these, so the gate
could not pass in CI. Add a --no-fail (report-only) flag to the probe and
pass it from the `capability` Make target; direct invocation without the
flag keeps the exit-1 local-readiness signal.
Verified: `make public-release-check` now exits 0 locally (101 unit tests
pass, all audits clean). The image-build workflows trigger on push to main
(and their own paths), so they re-run on merge.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
All three CI workflows were failing on
main:ghcr.io/BioSymphony/...— GHCR requires lowercase repo namesDEFAULT_BASE_IMAGE)make capabilityexits 1 — probe gates on local Tier A tooling absent in CIWhat changed
Image builds (both workflows):
IMAGE_NAMEwas derived from${{ github.repository_owner }}, which isBioSymphony(mixed case), so buildx aborted withinvalid tag ... repository name must be lowercase. A new Normalize image name step now computesIMAGE_NAME=${OWNER,,}/genecluster-…(the owner passed viaenv:and lowercased in-shell — the GitHub-recommended injection-safe pattern). The SuperpowersDEFAULT_BASE_IMAGEowner is lowercased the same way so it can pull the runner base image.Public release check:
make public-audit → capabilityrancapability_probe.py, which ends withreturn 0 if tier_a_ready else 1. Tier A needs local macOS GUIs (PyMOL/ChimeraX), conda, and the ValarTTS server on:8787— the CI log showedConnection refused. A hosted runner can never satisfy this. Added a--no-fail(report-only) flag to the probe and pass it from thecapabilityMake target. Direct invocation without the flag keeps the exit-1 local-readiness signal, so local readiness checks are unchanged.Verification
make public-release-checkexits 0 locally (101 unit tests pass; all audits clean) — this is the exact chain the Public release check workflow runs.capability_probe.py --json --no-failexits 0;--helplists the flag.Note on CI coverage for this PR
The two image-build workflows trigger on push to
main(and their ownpaths:), not onpull_request, so they won't run on this PR. Because this PR edits those workflow files (which are in the path filter), they'll re-run automatically on merge. They can also be exercised pre-merge viagh workflow run/workflow_dispatchon this branch if desired — those runs do a full Docker build (~minutes for the runner, up to the 120-min timeout for Superpowers).🤖 Generated with Claude Code