feat: validate ci/main.go container images in pre-commit (#413)
## Summary
- Adds `scripts/check_ci_images.sh`: extracts every `From("...")` image reference from `ci/main.go` and runs `skopeo inspect --no-creds` on each one (manifest-only, no layer pull, no daemon required)
- Adds `task check-ci-images` task in `Taskfile.yml` that runs the script
- Adds `ci-image-exists` hook to `.pre-commit-config.yaml` that fires only when `ci/main.go` is staged (using `files: ^ci/main\.go$` rather than `always_run`, to avoid a network round-trip on every unrelated commit)
- Adds `skopeo` to the Nix devShell so the tool is on PATH when the hook runs via `nix develop --command`
This catches a bad image tag (like `ghcr.io/cirruslabs/flutter:3.44.1` not yet published) at commit time, before the push reaches CI.
## Test plan
- Stage a change to `ci/main.go` bumping a `From("...")` tag to a non-existent version → hook rejects commit with NOT FOUND
- Stage a change with valid image tags → hook prints OK for each image and allows the commit
- Stage a change to any other file → `ci-image-exists` hook is skipped entirely
Closes #407
Co-authored-by: Thomas SharedInbox <sharedinbox@thomas-guettler.de>
Reviewed-on: https://codeberg.org/guettli/sharedinbox/pulls/413
This commit was merged in pull request #413.
This commit is contained in:
Bot of Thomas Güttler
committed by
guettli
guettli
co-authored by
guettli
Thomas SharedInbox
guettli
Thomas SharedInbox
parent
4a07a175b9
commit
b631bdae24
@@ -700,6 +700,11 @@ tasks:
|
||||
fi
|
||||
echo "Hygiene check passed."
|
||||
|
||||
check-ci-images:
|
||||
desc: Verify that all container images referenced in ci/main.go are reachable
|
||||
cmds:
|
||||
- scripts/check_ci_images.sh
|
||||
|
||||
_integrations:
|
||||
internal: true
|
||||
run: once
|
||||
|
||||
Reference in New Issue
Block a user