From 8f8f83da6d0a208f75f4df0644b6a820742473ae Mon Sep 17 00:00:00 2001 From: Haitao Pan Date: Fri, 21 Nov 2025 16:12:46 +0800 Subject: [PATCH] fix(workflow): resolve actionlint errors and correct outputs chain --- .../workflows/cloud-neutra-golden-image.yaml | 27 ++++++++++++++----- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/.github/workflows/cloud-neutra-golden-image.yaml b/.github/workflows/cloud-neutra-golden-image.yaml index c5d03b4..d0440f9 100644 --- a/.github/workflows/cloud-neutra-golden-image.yaml +++ b/.github/workflows/cloud-neutra-golden-image.yaml @@ -29,6 +29,9 @@ env: PACKER_TEMPLATE_ROOT: packer/Cloud-Neutra-VMs jobs: + ########################################################################## + # Stage 1 — Lint / Validate / Security + ########################################################################## lint: name: Lint & Validate runs-on: ubuntu-latest @@ -44,18 +47,19 @@ jobs: sudo apt-get install -y shellcheck jq - name: Packer FMT - run: | - packer fmt -recursive . + run: packer fmt -recursive . - name: Packer Validate - run: | - packer validate . + run: packer validate . - name: gitleaks Scan uses: gitleaks/gitleaks-action@v2 with: args: detect --no-git -v + ########################################################################## + # Stage 2 — Build Golden Image + ########################################################################## build: name: Build Golden AMI runs-on: ubuntu-latest @@ -71,7 +75,6 @@ jobs: - edition: base ubuntu_version: "2204" cpu_arch: amd64 - - edition: base ubuntu_version: "2204" cpu_arch: arm64 @@ -79,6 +82,7 @@ jobs: steps: - uses: actions/checkout@v4 + # must be step-level to allow matrix.* - name: Skip matrix items not requested if: > github.event_name == 'schedule' || @@ -110,7 +114,6 @@ jobs: CPU_ARCH: ${{ matrix.cpu_arch }} run: | TEMPLATE="${PACKER_TEMPLATE_ROOT}/${EDITION}/ubuntu-${UBUNTU_VERSION}-${EDITION}.pkr.hcl" - echo "Using template: ${TEMPLATE}" packer build \ @@ -135,16 +138,26 @@ jobs: name: packer-build-log path: packer.log + ########################################################################## + # Stage 3 — QA Test + ########################################################################## test: name: Test Built AMI runs-on: ubuntu-latest needs: build + # must re-expose build's output for downstream needs.* + outputs: + ami_id: ${{ needs.build.outputs.ami_id }} + steps: - name: Placeholder test run: | echo "TODO: Future QA test" + ########################################################################## + # Stage 4 — AMI Replication + Retention + ########################################################################## distribute: name: Replicate & Retain AMI runs-on: ubuntu-latest @@ -179,7 +192,7 @@ jobs: EDITION: ${{ matrix.edition }} UBUNTU_VERSION: ${{ matrix.ubuntu_version }} CPU_ARCH: ${{ matrix.cpu_arch }} - AMI_ID: ${{ needs.build.outputs.ami_id }} + AMI_ID: ${{ needs.test.outputs.ami_id }} run: | bash packer/scripts/common/ami-replicate.sh \ "${AMI_ID}" "${EDITION}" "${UBUNTU_VERSION}" "${CPU_ARCH}" \