Skip to content

[BUILD] Stamp org.opencontainers.image.revision label on UI image#3708

Merged
pini-sh-panda merged 1 commit into
developmentfrom
feat/image-revision-label
Jun 25, 2026
Merged

[BUILD] Stamp org.opencontainers.image.revision label on UI image#3708
pini-sh-panda merged 1 commit into
developmentfrom
feat/image-revision-label

Conversation

@bar-shem-tov

@bar-shem-tov bar-shem-tov commented Jun 24, 2026

Copy link
Copy Markdown
Collaborator

📝 Description

Adds the standard OCI revision label (org.opencontainers.image.revision) to the production UI image so the full UI commit SHA travels with the published image. This lets the MLRun release-promotion workflow derive the UI commit to tag straight from the image, instead of requiring an operator to paste it by hand.


🛠️ Changes Made

  • Dockerfile: declare ARG GIT_COMMIT_SHA and set LABEL org.opencontainers.image.revision=$GIT_COMMIT_SHA on the production stage.
  • package.json: pass --build-arg GIT_COMMIT_SHA="$(git rev-parse HEAD)" (the full SHA) from the docker build script.

✅ Checklist

  • I have given the PR a well-structured title describing the domain and the specific change that was made
  • I tested the changes in the browser (locally or via preview build)
  • I confirmed that existing tests pass
  • I added or updated unit / integration tests (if needed)
  • I checked that this change doesn’t introduce new console warnings or lint / formatting errors
  • I updated the relevant Jira ticket with the appropriate details and status

🔗 References


🚨 Potentially Breaking Changes

  • Yes
  • No

Metadata only — no behavior change to the running image. Images built before this change have no label; the consumer handles that by failing loud and asking for an explicit ui_commit_sha.


Includes DRC change

  • Yes
  • No

🔍 Additional Notes

  • Companion to the MLRun release-promotion generalization; that workflow consumes this label.

📸 Screenshots / Demos

N/A — no UI change.

Add a GIT_COMMIT_SHA build-arg (full git sha) and set it as the
org.opencontainers.image.revision OCI label on the production image so the
release promotion workflow can recover the UI commit via skopeo inspect.
The existing short-hash COMMIT_HASH file is left unchanged.
@bar-shem-tov bar-shem-tov marked this pull request as ready for review June 25, 2026 08:32
@pini-sh-panda pini-sh-panda merged commit f0a8d89 into development Jun 25, 2026
7 checks passed
@bar-shem-tov bar-shem-tov deleted the feat/image-revision-label branch June 25, 2026 08:33
bar-shem-tov added a commit to mlrun/mlrun that referenced this pull request Jul 2, 2026
…s latest (#9868)

### 📝 Description

Reworks the `release-promotion` workflow so the operator only needs to
provide the release `version`. The other tagging inputs (`commit_sha`,
`ui_commit_sha`, `previous_version`) are now optional and derived from
artifacts the private release already produced for that version. Also
fixes RC promotions being incorrectly marked as the "latest" GitHub
release.

---

### 🛠️ Changes Made

- Made `commit_sha`, `ui_commit_sha`, and `previous_version` optional;
when empty they are derived, and any provided value still wins as an
override.
- Derive `previous_version` (job `prepare-inputs`) from the repo's `v*`
tags — the greatest GA tag strictly below `version` (skips all
pre-releases, so a GA or RC compares against the previous GA).
- Added a `derive-shas` job on the `mlrun-release` runner (only runner
with private Artifactory access):
- `commit_sha` from `mlrun/utils/version/version.json` (`git_commit`)
inside the promoted wheel.
- `ui_commit_sha` from the `org.opencontainers.image.revision` OCI label
on the private `mlrun-ui:<version>` image.
- Fixed RC-as-latest: a GA gets `prerelease=false`/`makeLatest=true`, an
RC gets `prerelease=true`/`makeLatest=false`, applied to every
`ncipollo/release-action` call.
- Removed the dead `target_artifactory_pypi_repo` input.
- Each derived value fails loud with an actionable message (pass the
input explicitly) when it can't be resolved, instead of tagging the
wrong/empty commit.

---

### ✅ Checklist
- [ ] I updated the documentation (if applicable)
- [ ] I have tested the changes in this PR
- [ ] I confirmed whether my changes are covered by system tests
- [ ] If yes, I ran all relevant system tests and ensured they passed
before submitting this PR
- [ ] I updated existing system tests and/or added new ones if needed to
cover my changes
- [ ] If I introduced a deprecation:
  - [ ] I followed the [Deprecation Guidelines](./DEPRECATION.md)
  - [ ] I updated the relevant Jira ticket for documentation
- [ ] Please run
[Smoke-tests](https://github.com/mlrun/mlrun/actions/workflows/smoke-tests.yml)
workflow, providing it the PR number as input (upon success, the
workflow run will add label "Smoke tests: Pass" to the PR)

---

### 🧪 Testing
<!-- - How it was tested (unit tests, manual, integration) -->
- Dry-run the workflow with only `version` set against a recently
released version; confirm derived
`commit_sha`/`ui_commit_sha`/`previous_version` match the private
release outputs.
- Override paths covered by passing each input explicitly.

---

### 🔗 References
- Ticket link: DEVOPS-1976 (generalize inputs), DEVOPS-1814 (RC marked
as latest), ML-12716 (Artifactory input cleanup)
- Design docs links:
- External links: Builds on (merged) mlrun/ui#3708 — adds the UI image
revision label this workflow reads

---

### 🚨 Breaking Changes?

- [ ] Yes (explain below)
- [x] No

Backward compatible: callers that pass all inputs keep working
unchanged.

---

### 🔍️ Additional Notes
- Builds on the (merged) revision-label change in mlrun/ui#3708. Only UI
images built after that merge carry the label; for older versions
`ui_commit_sha` derivation fails loud and asks the operator to pass it
explicitly.
- Relies on `mlrun` and `mlrun/ui` being released in version lockstep
(verified across the full modern tag history).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants