diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml index ff93068efb..73b6f87e6f 100644 --- a/.github/actionlint.yaml +++ b/.github/actionlint.yaml @@ -30,4 +30,15 @@ name-pattern: # Allows docker image names - "uses: docker://.*" # Block actions/checkout@v4 - require sha pinning - #- "!uses: actions/checkout@v[0-9]+" \ No newline at end of file + #- "!uses: actions/checkout@v[0-9]+" + +# DEVOPS-1029: actionlint (v1.7.x) has no schema yet for the GitHub Actions +# parallel-steps feature (background:/wait:, GA 2026-06-25). It flags the +# background: keys and the wait-only barrier step in push-head-images.yaml. +# Suppress exactly those two messages, only for that one file, until actionlint +# ships native support; then delete this block. +paths: + .github/workflows/push-head-images.yaml: + ignore: + - 'unexpected key "background" for step' + - 'step must run script with "run" section or run action with "uses" section' \ No newline at end of file diff --git a/.github/workflows/push-head-images.yaml b/.github/workflows/push-head-images.yaml index 3564ae711c..4ca70accc7 100644 --- a/.github/workflows/push-head-images.yaml +++ b/.github/workflows/push-head-images.yaml @@ -64,26 +64,44 @@ jobs: with: fetch-depth: 0 + # DEVOPS-1029: these setup steps are independent of one another, so they + # run concurrently. Each is backgrounded with an id, and the wait barrier + # below blocks until all of them finish, guaranteeing every tool is on + # PATH before goreleaser builds. The registry login stays serial to avoid + # a ~/.docker/config.json write race. - name: Set up Go + id: setup-go + background: true uses: actions/setup-go@v6 with: cache: false go-version-file: go.mod - name: Install just + id: setup-just + background: true uses: extractions/setup-just@v1 - name: Set up QEMU + id: setup-qemu + background: true uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx + id: setup-buildx + background: true uses: docker/setup-buildx-action@v3 - name: Setup Cosgin + id: setup-cosign + background: true uses: sigstore/cosign-installer@main with: cosign-release: "v2.2.3" + - name: Wait for setup tools + wait: [setup-go, setup-just, setup-qemu, setup-buildx, setup-cosign] + - name: Log in to GitHub Container Registry uses: docker/login-action@v3 with: