mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-05-13 03:52:00 +00:00
93679ef27d
Adds `pull_request` trigger to docker-publish.yml so PRs that touch Dockerfile / docker/ / pyproject.toml / uv.lock / the workflow itself verify the image builds cleanly before merge. Previously, Dockerfile regressions (e.g. a stale uv.lock, a typo'd dep) would only surface after merge when the docker-publish workflow ran on main. Build-verify-only on PRs: the per-arch jobs run their `load: true` build + smoke test, but the push-by-digest + artifact upload steps remain gated on push-to-main or release. The `merge` and `move-latest` jobs stay excluded from PRs by their existing `if:` gates, so :latest and SHA tags are never touched from PR runs. Concurrency: PR runs use a PR-scoped group (`docker-<pr_number>`) with `cancel-in-progress: true` so rapid pushes to the same PR collapse to the latest commit. Push/release runs keep `cancel-in-progress: false` — every merge still gets its own SHA-tagged image. Also adds arm64 smoke tests (previously amd64-only): the image is now built with `load: true` on arm64 too, then `docker run --help` + `dashboard --help` smoke tests run identically on both arches. Both smoke test blocks were extracted into a new composite action at `.github/actions/hermes-smoke-test` to keep the two jobs DRY. New files: - .github/actions/hermes-smoke-test/action.yml Modified: - .github/workflows/docker-publish.yml
47 lines
1.7 KiB
YAML
47 lines
1.7 KiB
YAML
name: Hermes smoke test
|
|
description: >
|
|
Run the image's built-in entrypoint against `--help` and `dashboard --help`
|
|
to catch basic runtime regressions before publishing. Requires the image
|
|
to already be loaded into the local Docker daemon under `image`.
|
|
|
|
Works identically on amd64 and arm64 runners.
|
|
|
|
inputs:
|
|
image:
|
|
description: Fully-qualified image tag (e.g. nousresearch/hermes-agent:test)
|
|
required: true
|
|
|
|
runs:
|
|
using: composite
|
|
steps:
|
|
- name: Ensure /tmp/hermes-test is hermes-writable
|
|
shell: bash
|
|
run: |
|
|
# The image runs as the hermes user (UID 10000). GitHub Actions
|
|
# creates /tmp/hermes-test root-owned by default, which hermes
|
|
# can't write to — chown it to match the in-container UID before
|
|
# bind-mounting. Real users doing `docker run -v ~/.hermes:...`
|
|
# with their own UID hit the same issue and have their own
|
|
# remediations (HERMES_UID env var, or chown locally).
|
|
mkdir -p /tmp/hermes-test
|
|
sudo chown -R 10000:10000 /tmp/hermes-test
|
|
|
|
- name: hermes --help
|
|
shell: bash
|
|
run: |
|
|
docker run --rm \
|
|
-v /tmp/hermes-test:/opt/data \
|
|
--entrypoint /opt/hermes/docker/entrypoint.sh \
|
|
"${{ inputs.image }}" --help
|
|
|
|
- name: hermes dashboard --help
|
|
shell: bash
|
|
run: |
|
|
# Regression guard for #9153: dashboard was present in source but
|
|
# missing from the published image. If this fails, something in
|
|
# the Dockerfile is excluding the dashboard subcommand from the
|
|
# installed package.
|
|
docker run --rm \
|
|
-v /tmp/hermes-test:/opt/data \
|
|
--entrypoint /opt/hermes/docker/entrypoint.sh \
|
|
"${{ inputs.image }}" dashboard --help
|