Propagate changes from main into development #1046
Weekly: Promote nightly to main (2026-05-25)
fix(orthrus): stop Dockhand flapping and wire uptime to session liveness
…dle transient errors
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool. What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out the documentation.
Add a disk space reclamation step as the first step in both multi-platform build jobs to eliminate runner disk exhaustion during linux/amd64 + linux/arm64 Docker builds. The ubuntu-latest runner ships with Android SDK (~8 GB), .NET (~2 GB), and Haskell (~2 GB) pre-installed, consuming nearly all available disk before Buildx begins. When disk fills mid-build, the runner process dies without sending terminal step statuses to GitHub, leaving the UI in a paradoxical "failed and in progress" state simultaneously. Docker daemon images are intentionally preserved so Buildx can operate normally. Expected recovery: 10–15 GB per build job. Action pinned to full SHA per supply chain security policy.
Weekly: Promote nightly to main (2026-06-01)
✅ Supply Chain Verification Results
✅ PASSED
📦 SBOM Summary
🔍 Vulnerability Scan
📎 Artifacts
Generated by Supply Chain Verification workflow • View Details
Codecov Report
✅ All modified and coverable lines are covered by tests.
Pull request overview
This automated merge PR propagates recent CI and documentation updates from main into development, primarily improving reliability of nightly Docker builds by reclaiming runner disk space and adding retry logic to image signing.
Changes:
- Add a `Free disk space` step to the start of the two nightly multi-platform Docker build jobs to reduce “No space left on device” failures.
- Add retry loops around `cosign sign` in both nightly and standard docker build workflows to handle transient signing-service errors.
- Add/update supporting QA report and the current plan/spec documentation describing the change and validation approach.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| docs/reports/qa_report_2026-06-01_nightly-disk-space.md | Adds a QA/security report documenting validation for the disk space reclamation step. |
| docs/plans/current_spec.md | Updates the current spec/plan to describe the nightly disk space mitigation and acceptance criteria. |
| .github/workflows/nightly-build.yml | Adds disk-space reclamation to nightly build jobs and adds retry logic for Cosign signing. |
| .github/workflows/docker-build.yml | Adds retry logic for Cosign signing in the main docker build workflow. |
| | Job | Step Location | | ||
| |-----|--------------| | ||
| | Charon image build | Line 158 | | ||
| | Orthrus image build | Line 390 | |
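Review bot: The step locations in this table are recorded as absolute line numbers (`Line 158`, `Line 390`), which go stale as soon as anything above those lines in the referenced file is edited. Identify each step by its job and step name instead (the review overview names it `Free disk space`), so the document stays correct without being touched on every workflow change.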
| echo "Signing Docker Hub image with keyless signing..." | ||
| cosign sign --yes ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }} | ||
| echo "✅ Docker Hub image signed successfully" | ||
| for attempt in 1 2 3; do | ||
| if cosign sign --yes ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}; then | ||
| echo "✅ Docker Hub image signed successfully" | ||
| break |
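Review bot: Inside the loop, the image reference given to `cosign sign` is built from `${{ env.DOCKERHUB_REGISTRY }}`, `${{ env.IMAGE_NAME }}` and `${{ steps.build-and-push.outputs.digest }}` expanded directly into the script text and left unquoted, so the values are substituted before the shell parses the line. Map them to shell variables through the step's `env:` block and sign a quoted reference such as `"${REGISTRY}/${IMAGE_NAME}@${DIGEST}"` (variable names here are illustrative), which also gives one reference to log on each attempt.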
| for attempt in 1 2 3; do | ||
| if cosign sign --yes ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}; then | ||
| echo "✅ GHCR image signed successfully" | ||
| break | ||
| fi |
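Review bot: The `if` closes at `fi` with no `else` branch, so when `cosign sign` fails on the third attempt the loop simply ends, and a `for` loop whose last `if` condition was false returns status 0. Unless lines after `fi` (not visible here) handle that case, the step passes with the GHCR image unsigned. Record success in a flag and `exit 1` after `done` when it is unset, and add a `sleep` between attempts so the retries are not issued back to back against the same transient error.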
Automated PR to propagate changes from main into development.
Triggered by push to main.