ci: combine transport dependency update and Docker build workflows

[Pratham-Mishra04]

Unified Transport CI Workflow for Dependency Updates and Docker Builds

This PR consolidates our CI workflows for transport-related operations into a single workflow file. It combines the previously separate docker-build.yml and transport-dependency-update.yml into a new transport-ci.yml workflow that handles both concerns.

Key improvements:

• Created a unified workflow that automatically updates transport dependencies when a new core version is tagged
• Streamlined the Docker image build process to run after dependency updates
• Fixed Docker tag format to avoid using slashes (using v1.2.3 instead of transports/v1.2.3)
• Added proper job dependencies to ensure the workflow runs in the correct sequence
• Improved tag validation and error handling throughout the workflow
• Updated the test chatbot dependency to use the latest core version

This change simplifies our CI process by reducing the number of workflow files while maintaining the same functionality, making it easier to maintain and understand the relationship between core updates and transport builds.

[coderabbitai]

Summary by CodeRabbit

• Chores
  • Replaced separate CI workflows for Docker builds and transport dependency updates with a unified workflow that automates both processes.
  • Updated the core module version and added new indirect dependencies in the test suite.
• Refactor
  • Streamlined continuous integration by consolidating version management and Docker image publishing into a single workflow.

Summary by CodeRabbit

• Chores
  • Replaced separate workflows for Docker image builds and transport dependency updates with a unified workflow that automates both processes.
  • Updated the core module dependency version in tests and added new indirect dependencies.

Walkthrough

This change removes two separate GitHub Actions workflows for Docker image building and transport dependency updates, replacing them with a single consolidated workflow that automates both processes. The new workflow manages versioning, dependency updates, and Docker image publishing for transport components. Additionally, core module dependencies in a test module are updated.

Changes

File(s)	Change Summary
.github/workflows/docker-build.yml, .github/workflows/transport-dependency-update.yml	Deleted separate workflows for Docker builds and transport dependency updates.
.github/workflows/transport-ci.yml	Added a consolidated workflow automating dependency updates and Docker builds for transports.
tests/core-chatbot/go.mod	Updated core module version and added new indirect dependencies.

Sequence Diagram(s)

sequenceDiagram
    participant GitHub Actions
    participant Repo
    participant Docker Hub

    Note over GitHub Actions: On tag push (core/v* or transports/v*)

    alt core/v* tag
        GitHub Actions->>Repo: Checkout main branch
        GitHub Actions->>Repo: Update transport dependency to new core version
        GitHub Actions->>Repo: Commit & push go.mod/sum changes
        GitHub Actions->>Repo: Create & push new transports/v* tag
        GitHub Actions->>GitHub Actions: Trigger Docker build job
    end

    alt transports/v* tag or after dependency update
        GitHub Actions->>Repo: Checkout code
        GitHub Actions->>Docker Hub: Build & push multi-arch Docker image (version & latest tags)
    end

Loading

Possibly related PRs

• ci: add Docker build workflow for automated image publishing #98: Deletes the same Docker build workflow file that was originally added, directly connecting to the Docker automation being replaced here.
• feat: add workflow to auto-update transport dependencies on core releases #103: Consolidates and replaces the workflows for transport dependency updates and Docker builds, directly relating to the same automation and code areas.

Suggested reviewers

• danpiths
• akshaydeo

Poem

In the warren where workflows hop,
Old scripts retire, new ones pop!
Dependencies patched with care,
Docker images built to share.
With every tag, a bunny cheer—
CI/CD is crystal clear!
🐇✨

✨ Finishing Touches

🧪 Generate Unit Tests

• Create PR with Unit Tests
• Post Copyable Unit Tests in Comment
• Commit Unit Tests in branch 06-21-enhacement_switched_to_single_action_file

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai auto-generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Pratham-Mishra04]

• ci: combine transport dependency update and Docker build workflows #104 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[coderabbitai]

Actionable comments posted: 4

🔭 Outside diff range comments (1)

.github/workflows/transport-ci.yml (1)

195-197: Improve image digest reporting
Instead of a static message, capture and echo the actual digest via docker/build-push-action outputs:

- name: Image digest
  run: echo "Digest: ${{ steps.build_and_push.outputs.digest }}"

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bea5781 and a5383f0.

⛔ Files ignored due to path filters (1)

• tests/core-chatbot/go.sum is excluded by !**/*.sum

📒 Files selected for processing (4)

• .github/workflows/docker-build.yml (0 hunks)
• .github/workflows/transport-ci.yml (1 hunks)
• .github/workflows/transport-dependency-update.yml (0 hunks)
• tests/core-chatbot/go.mod (2 hunks)

💤 Files with no reviewable changes (2)

• .github/workflows/docker-build.yml
• .github/workflows/transport-dependency-update.yml

🧰 Additional context used

🪛 actionlint (1.7.7)

.github/workflows/transport-ci.yml

36-36: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🪛 YAMLlint (1.37.1)

.github/workflows/transport-ci.yml

[warning] 3-3: truthy value should be one of [false, true]

(truthy)

---

[warning] 6-6: too few spaces before comment: expected 2

(comments)

---

[warning] 7-7: too few spaces before comment: expected 2

(comments)

---

[error] 70-70: trailing spaces

(trailing-spaces)

---

[error] 76-76: trailing spaces

(trailing-spaces)

---

[error] 80-80: trailing spaces

(trailing-spaces)

🔇 Additional comments (15)

tests/core-chatbot/go.mod (2)

5-5: Bump core module to v1.1.4
Updating the test module to depend on the newly released core v1.1.4 aligns with the updated transport CI workflow.

---

23-31: Review indirect dependencies
These entries are auto-generated by go mod tidy to satisfy the bumped core module. Please verify no unnecessary direct requirements slipped in.

Run go mod tidy -v in tests/core-chatbot to confirm all listed modules are actually used.

Also applies to: 34-35, 39-51, 53-57

.github/workflows/transport-ci.yml (13)

1-8: Workflow triggers consolidation looks good
Combining both core/v* and transports/v* tag triggers into one workflow simplifies CI maintenance without losing functionality.

---

9-12: Concurrency configured appropriately
Using concurrency to cancel in-progress runs on the same tag prevents redundant workflows and saves CI resources.

---

13-17: Environment variables setup is clear
Centralizing registry, account, and image name in env makes future changes easier and avoids duplication.

---

19-33: Dependency update job setup is solid
The update-transport-dependency job correctly checks out main with full history and tags, and grants write permissions for commits.

---

40-53: Core version extraction and validation is robust
Strict regex validation ensures only semantic versions in the form vMAJOR.MINOR.PATCH are accepted.

---

54-58: Git configuration for bot commits is correct
Properly setting the committer name and email ensures clarity in the project history.

---

95-108: Transport dependency update and build steps look good
Error checking after go get and go mod tidy followed by a build ensures failures surface early in CI.

---

109-123: Commit, push, and tagging are well-handled
Conditional staging avoids pointless commits, and tagging immediately kicks off the Docker build as intended.

---

124-133: Docker build job configuration is correct
The build-and-push-docker job properly depends on the update job and also runs standalone on manual transport tags.

---

134-162: Metadata extraction and validation steps are solid
Differentiating between auto-generated vs. manual tags, validating the version, and constructing Docker tags ensure reliable downstream steps.

---

163-168: QEMU and Buildx setup are configured correctly
Leveraging docker/setup-qemu-action@v3 and docker/setup-buildx-action@v3 enables multi-platform builds out of the box.

---

169-174: Docker Hub login step is secure and properly scoped
Using GitHub Secrets for credentials avoids leakage and follows best practices.

---

175-194: Docker build-and-push configuration is comprehensive
Multi-platform builds with cache layers and detailed OCI labels follow best practices for reproducible and efficient image publishing.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (3)

.github/workflows/transport-ci.yml (3)

175-177: Timestamp step added
Captures UTC creation time for the image, addressing the previous head_commit.timestamp gap.

---

59-67: Calculate next transport version
Grabs the latest transports/v* tag or defaults to transports/v0.1.0.

For unequivocal version sorting (multi-digit segments), strip the prefix before sort:

- LATEST_TAG=$(git tag -l 'transports/v*' | sort -V | tail -n 1)
+ LATEST_TAG=$(git tag -l 'transports/v*' | sed 's|transports/||' | sort -V | tail -n 1)
+ LATEST_TAG="transports/${LATEST_TAG}"

---

35-38: Pin Go setup action
Locking to Go 1.24.1 aligns with go.mod. To avoid unexpected updates when v4 releases a new patch, pin to the latest patch version:

- uses: actions/setup-go@v4
+ uses: actions/setup-go@v4.4.0

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a5383f0 and 7d1a6ad.

⛔ Files ignored due to path filters (1)

• tests/core-chatbot/go.sum is excluded by !**/*.sum

📒 Files selected for processing (4)

• .github/workflows/docker-build.yml (0 hunks)
• .github/workflows/transport-ci.yml (1 hunks)
• .github/workflows/transport-dependency-update.yml (0 hunks)
• tests/core-chatbot/go.mod (2 hunks)

💤 Files with no reviewable changes (2)

• .github/workflows/transport-dependency-update.yml
• .github/workflows/docker-build.yml

🧰 Additional context used

🪛 actionlint (1.7.7)

.github/workflows/transport-ci.yml

36-36: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🪛 YAMLlint (1.37.1)

.github/workflows/transport-ci.yml

[warning] 3-3: truthy value should be one of [false, true]

(truthy)

---

[warning] 6-6: too few spaces before comment: expected 2

(comments)

---

[warning] 7-7: too few spaces before comment: expected 2

(comments)

---

[error] 70-70: trailing spaces

(trailing-spaces)

---

[error] 76-76: trailing spaces

(trailing-spaces)

---

[error] 80-80: trailing spaces

(trailing-spaces)

🔇 Additional comments (25)

tests/core-chatbot/go.mod (2)

5-5: Bump core dependency version
The module requirement for github.com/maximhq/bifrost/core is correctly updated from v1.1.3 to v1.1.4, aligning with the new transport CI workflow trigger.

---

7-58: ```shell
#!/bin/bash
set -e

Navigate into the module under test

cd tests/core-chatbot

Ensure module file is up-to-date

go mod tidy

List all indirect dependencies

echo "Indirect modules in tests/core-chatbot:"
go list -m -f '{{if .Indirect}}{{.Path}}{{end}}' all

Verify each indirect dependency is actually required

echo "Verifying usage of each indirect module:"
for mod in $(go list -m -f '{{if .Indirect}}{{.Path}}{{end}}' all); do
echo
echo "==== $mod ===="
go mod why -m "$mod" || echo "🛑 No usage found for $mod"
done

</details>
<details>
<summary>.github/workflows/transport-ci.yml (23)</summary>

`6-7`: **Trigger conditions**  
The workflow now responds to both `core/v*` tags for dependency updates and `transports/v*` tags for Docker builds, consolidating previous CI steps as intended.

---

`9-11`: **Concurrency control**  
Using `${{ github.workflow }}-${{ github.ref }}` prevents overlapping runs on the same tag, ensuring sequential execution.

---

`13-17`: **Defined environment variables**  
Explicitly setting `REGISTRY`, `ACCOUNT`, and `IMAGE_NAME` simplifies tag construction and improves readability.

---

`20-25`: **Dependency update job configuration**  
The `update-transport-dependency` job is scoped to `core/v*` tags, has correct permissions, and exposes `new_transport_tag` for downstream use.

---

`27-34`: **Checkout step parameters**  
Fetching full history and tags (`fetch-depth: 0`, `fetch-tags: true`) is required for accurate tag discovery. Using `secrets.GH_TOKEN` for write access is appropriate.

---

`40-49`: **Core version extraction & validation**  
Robustly strips the `core/` prefix and enforces `vMAJOR.MINOR.PATCH` format before proceeding.

---

`51-53`: **Export core version output**  
Writing `version=${TAG_NAME}` to `$GITHUB_OUTPUT` enables reliable downstream consumption.

---

`54-58`: **Configure Git for automated commits**  
Setting a dedicated bot identity is necessary for CI-driven pushes.

---

`68-75`: **Validate existing transport tag format**  
Enforcing `MAJOR.MINOR.PATCH` on the stripped version prevents erroneous tagging. Error messaging is clear.

---

`77-83`: **Increment patch version**  
Correctly extracts numeric segments and increments the patch. Shell arithmetic use is appropriate.

---

`86-90`: **Avoid duplicate tags**  
Checks for an existing tag before creation, avoiding downstream push failures.

---

`92-94`: **Publish new transport tag output**  
Exposing `new_tag` via `$GITHUB_OUTPUT` allows the Docker job to pick it up seamlessly.

---

`95-103`: **Update Go module dependency**  
`go get` followed by `go mod tidy` in `transports` ensures the dependency is updated and the lockfile is clean. Error handling guards against fetch failures.

---

`105-107`: **Build verification**  
Compiling the transport code confirms the module change didn't introduce breakages.

---

`109-117`: **Conditional commit of `go.mod`/`go.sum`**  
Idempotently commits only if changes exist, avoiding no-op commits.

---

`119-123`: **Tag and push transport version**  
Tags are created with the correct prefix and pushed upstream.

---

`124-132`: **Docker build job trigger & checkout**  
Correctly depends on the update job and triggers on manual `transports/v*` tags. Checkout is standard.

---

`134-146`: **Determine Docker tag**  
Selects between the CI-generated tag and manual tag, then exposes `tag` output.

---

`148-155`: **Version extraction & validation for Docker**  
Strips the `transports/` prefix and validates the version, rejecting invalid formats.

---

`157-161`: **Construct Docker image tags**  
Generates valid Docker tags (`vX.Y.Z` and `latest`) by removing slashes.

---

`163-168`: **Cross-platform build setup**  
Use of QEMU and Buildx actions ensures multi-arch support.

---

`169-173`: **Authenticate to Docker Hub**  
Securely logs in with repository secrets.

---

`179-197`: **Build-and-push Docker image**  
Fully configures the build context, metadata labels, build args, platforms, and cache – matching best practices for multi-platform CI releases.

</details>

</blockquote></details>

</details>

<!-- This is an auto-generated comment by CodeRabbit for review status -->