Update All Jaeger Docker images to v2.17.0 #1109
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI Orchestrator | |
| on: | |
| pull_request: | |
| branches: [main] | |
| push: | |
| branches: [main] | |
| merge_group: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| # Grant all permissions to allow child workflows to request what they need | |
| # Child workflows can downgrade permissions as needed (principle of least privilege) | |
| permissions: write-all | |
| jobs: | |
| # ============================================================================ | |
| # SETUP: Determine execution mode (sequential vs parallel) | |
| # Parallel mode is used for trusted actors to reduce feedback loop from ~30m to ~10m. | |
| # ============================================================================ | |
| setup: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| parallel: ${{ steps.mode.outputs.parallel }} | |
| steps: | |
| - name: Determine execution mode | |
| id: mode | |
| run: | | |
| PARALLEL=false | |
| # Parallel for push to main | |
| if [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/main" ]]; then | |
| echo "Parallel: push to main" | |
| PARALLEL=true | |
| else | |
| echo "Not triggered by push to main (event=${{ github.event_name }}, ref=${{ github.ref }})" | |
| fi | |
| # Parallel for merge queue | |
| if [[ "${{ github.event_name }}" == "merge_group" ]]; then | |
| echo "Parallel: merge_group event" | |
| PARALLEL=true | |
| else | |
| echo "Not a merge_group event (event=${{ github.event_name }})" | |
| fi | |
| # PR-specific checks (org membership, labels, and PR author login are only meaningful on pull_request events) | |
| if [[ "${{ github.event_name }}" == "pull_request" ]]; then | |
| # Parallel for org members. | |
| # Use a live API call because author_association from the event payload is | |
| # unreliable — it reports CONTRIBUTOR for org members who don't have direct | |
| # repo access via a team. Fall back to author_association when the API call | |
| # fails (e.g. insufficient token permissions for fork PRs). | |
| PR_AUTHOR="${{ github.event.pull_request.user.login }}" | |
| AUTHOR_ASSOC="${{ github.event.pull_request.author_association }}" | |
| if gh api --silent "orgs/jaegertracing/members/$PR_AUTHOR" 2>/dev/null; then | |
| echo "Parallel: org member ($PR_AUTHOR, verified via API)" | |
| PARALLEL=true | |
| elif [[ "$AUTHOR_ASSOC" == "MEMBER" || "$AUTHOR_ASSOC" == "OWNER" || "$AUTHOR_ASSOC" == "COLLABORATOR" ]]; then | |
| echo "Parallel: trusted author ($PR_AUTHOR, author_association=$AUTHOR_ASSOC)" | |
| PARALLEL=true | |
| else | |
| echo "Not a trusted author ($PR_AUTHOR, author_association=$AUTHOR_ASSOC)" | |
| fi | |
| # Parallel for known bots (dependency update automation) | |
| if [[ "$PR_AUTHOR" == "dependabot[bot]" || "$PR_AUTHOR" == "renovate-bot" ]]; then | |
| echo "Parallel: bot PR author ($PR_AUTHOR)" | |
| PARALLEL=true | |
| else | |
| echo "Not a known bot (PR author=$PR_AUTHOR)" | |
| fi | |
| # Parallel if the ci:parallel label is applied to the PR. | |
| # NOTE: re-running jobs does not refresh the event payload; a new run is needed | |
| # to pick up labels added after the workflow was first triggered. | |
| PR_LABELS="${{ join(github.event.pull_request.labels.*.name, ', ') }}" | |
| echo "PR labels: ${PR_LABELS:-<none>}" | |
| if [[ "${{ contains(github.event.pull_request.labels.*.name, 'ci:parallel') }}" == "true" ]]; then | |
| echo "Parallel: ci:parallel label found" | |
| PARALLEL=true | |
| else | |
| echo "ci:parallel label not found in: ${PR_LABELS:-<none>}" | |
| fi | |
| else | |
| echo "Not a pull_request event — skipping PR-specific checks" | |
| fi | |
| echo "parallel=$PARALLEL" >> "$GITHUB_OUTPUT" | |
| echo "Execution mode: parallel=$PARALLEL" | |
| # ============================================================================ | |
| # SCRIPTS UNIT TESTS: Fast, independent job for .github/scripts/ Jest suite. | |
| # ============================================================================ | |
| ci-scripts: | |
| name: CI Scripts Unit Tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: '24' | |
| cache: 'npm' | |
| cache-dependency-path: .github/scripts/package-lock.json | |
| - name: Install Node dependencies (retry on transient registry failures) | |
| working-directory: .github/scripts | |
| run: | | |
| set -euo pipefail | |
| npm config set fetch-retries 5 | |
| npm config set fetch-retry-mintimeout 20000 | |
| npm config set fetch-retry-maxtimeout 120000 | |
| attempts=3 | |
| for i in $(seq 1 "$attempts"); do | |
| echo "npm ci attempt $i/$attempts" | |
| if npm ci; then | |
| exit 0 | |
| fi | |
| if [ "$i" -lt "$attempts" ]; then | |
| sleep_time=$((i * 15)) | |
| echo "npm ci failed, retrying in ${sleep_time}s" | |
| sleep "$sleep_time" | |
| fi | |
| done | |
| echo "npm ci failed after $attempts attempts" | |
| exit 1 | |
| - run: npm test | |
| working-directory: .github/scripts | |
| # ============================================================================ | |
| # SEQUENTIAL PATH (~30m): Default for external contributors. | |
| # Stage 2 waits for Stage 1; Stage 3 waits for Stage 2. | |
| # Active when parallel == false. | |
| # ============================================================================ | |
| stage1-seq: | |
| needs: [setup] | |
| if: ${{ needs.setup.outputs.parallel == 'false' }} | |
| uses: ./.github/workflows/ci-orchestrator-stage1.yml | |
| secrets: inherit | |
| stage2-seq: | |
| needs: [setup, stage1-seq] | |
| if: ${{ needs.setup.outputs.parallel == 'false' }} | |
| uses: ./.github/workflows/ci-orchestrator-stage2.yml | |
| secrets: inherit | |
| stage3-seq: | |
| needs: [setup, stage2-seq] | |
| if: ${{ needs.setup.outputs.parallel == 'false' }} | |
| uses: ./.github/workflows/ci-orchestrator-stage3.yml | |
| secrets: inherit | |
| # ============================================================================ | |
| # PARALLEL PATH (~10m): For trusted maintainers, merge queue, and main branch. | |
| # All stages start simultaneously after setup. | |
| # Active when parallel == true. | |
| # ============================================================================ | |
| stage1-fast: | |
| needs: [setup] | |
| if: ${{ needs.setup.outputs.parallel == 'true' }} | |
| uses: ./.github/workflows/ci-orchestrator-stage1.yml | |
| secrets: inherit | |
| stage2-fast: | |
| needs: [setup] | |
| if: ${{ needs.setup.outputs.parallel == 'true' }} | |
| uses: ./.github/workflows/ci-orchestrator-stage2.yml | |
| secrets: inherit | |
| stage3-fast: | |
| needs: [setup] | |
| if: ${{ needs.setup.outputs.parallel == 'true' }} | |
| uses: ./.github/workflows/ci-orchestrator-stage3.yml | |
| secrets: inherit | |
| # ============================================================================ | |
| # FINAL GATEKEEPER: Use this job for Branch Protection. | |
| # Validates whichever execution path was taken (sequential or parallel). | |
| # ============================================================================ | |
| ci-success: | |
| name: All CI Checks Passed | |
| runs-on: ubuntu-latest | |
| if: always() | |
| needs: [setup, ci-scripts, stage1-seq, stage2-seq, stage3-seq, stage1-fast, stage2-fast, stage3-fast] | |
| steps: | |
| - name: Check setup status | |
| if: ${{ needs.setup.result != 'success' }} | |
| run: | | |
| echo "❌ Setup job failed or was cancelled." | |
| exit 1 | |
| - name: Check CI scripts tests | |
| if: ${{ needs.ci-scripts.result != 'success' }} | |
| run: | | |
| echo "❌ CI scripts unit tests failed or were cancelled." | |
| exit 1 | |
| - name: Check sequential path | |
| if: ${{ needs.setup.outputs.parallel == 'false' }} | |
| run: | | |
| S1="${{ needs.stage1-seq.result }}" | |
| S2="${{ needs.stage2-seq.result }}" | |
| S3="${{ needs.stage3-seq.result }}" | |
| if [[ "$S1" != "success" || "$S2" != "success" || "$S3" != "success" ]]; then | |
| echo "❌ CI failed on sequential path. Stage 1: $S1, Stage 2: $S2, Stage 3: $S3" | |
| exit 1 | |
| fi | |
| echo "✅ CI passed on sequential path." | |
| - name: Check parallel path | |
| if: ${{ needs.setup.outputs.parallel == 'true' }} | |
| run: | | |
| S1="${{ needs.stage1-fast.result }}" | |
| S2="${{ needs.stage2-fast.result }}" | |
| S3="${{ needs.stage3-fast.result }}" | |
| if [[ "$S1" != "success" || "$S2" != "success" || "$S3" != "success" ]]; then | |
| echo "❌ CI failed on parallel path. Stage 1: $S1, Stage 2: $S2, Stage 3: $S3" | |
| exit 1 | |
| fi | |
| echo "✅ CI passed on parallel path." | |
| - name: Validate execution path was determined | |
| run: | | |
| PARALLEL="${{ needs.setup.outputs.parallel }}" | |
| if [[ "$PARALLEL" != "true" && "$PARALLEL" != "false" ]]; then | |
| echo "❌ Invalid parallel mode: '$PARALLEL' (expected 'true' or 'false')" | |
| exit 1 | |
| fi | |
| # ============================================================================ | |
| # SUMMARY REPORT: Runs after all CI stages pass. | |
| # Computes coverage gating and metrics comparison, uploads ci-summary artifact. | |
| # Fails visibly in PR Checks if coverage drops or metrics regress. | |
| # ci-summary-report-publish.yml (workflow_run) reads the artifact and posts | |
| # the PR comment and check runs — even when this job fails. | |
| # ============================================================================ | |
| summary: | |
| name: CI Summary Report | |
| needs: [ci-success] | |
| if: always() && needs.ci-success.result == 'success' | |
| uses: ./.github/workflows/ci-summary-report.yml | |
| secrets: inherit |