From bf10edeb2c031900ec5435fd0d82ebd777769fe8 Mon Sep 17 00:00:00 2001 From: Taylor Mutch Date: Thu, 7 May 2026 18:57:35 -0700 Subject: [PATCH] fix(release): pin macOS gateway supervisor image tag The macOS standalone gateway binary was built without OPENSHELL_IMAGE_TAG, so default_docker_supervisor_image_tag() fell through to CARGO_PKG_VERSION. The dev release pipeline patches that to e.g. 0.0.37-dev.147+g084c93b6a, leaving a '+' in the supervisor image tag which Docker rejects with 'invalid reference format', causing the gateway to crash-loop on Apple Silicon dev installs. PR #1259 fixed this for the Linux gateway binary but the macOS build path (which goes through deploy/docker/Dockerfile.gateway-macos under osxcross) was not covered. - release-dev.yml: pass OPENSHELL_IMAGE_TAG= to the macOS gateway docker build, matching the Linux fix. - release-tag.yml: pass OPENSHELL_IMAGE_TAG= to the macOS gateway docker build, matching the Linux fix. - Dockerfile.gateway-macos: declare ARG OPENSHELL_IMAGE_TAG so the build arg actually reaches cargo (matches the cli-macos Dockerfile pattern, including the comment about ARG placement to avoid invalidating dependency-build cache layers). --- .github/workflows/release-dev.yml | 1 + .github/workflows/release-tag.yml | 1 + deploy/docker/Dockerfile.gateway-macos | 3 +++ 3 files changed, 5 insertions(+) diff --git a/.github/workflows/release-dev.yml b/.github/workflows/release-dev.yml index 7b9bb2f92..62fbfab24 100644 --- a/.github/workflows/release-dev.yml +++ b/.github/workflows/release-dev.yml @@ -507,6 +507,7 @@ jobs: docker buildx build \ --file deploy/docker/Dockerfile.gateway-macos \ --build-arg OPENSHELL_CARGO_VERSION="${{ needs.compute-versions.outputs.cargo_version }}" \ + --build-arg OPENSHELL_IMAGE_TAG="${{ github.sha }}" \ --build-arg CARGO_TARGET_CACHE_SCOPE="${{ github.sha }}" \ --target binary \ --output type=local,dest=out/ \ diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml index 60966b3b6..c1726e943 100644 --- a/.github/workflows/release-tag.yml +++ b/.github/workflows/release-tag.yml @@ -626,6 +626,7 @@ jobs: docker buildx build \ --file deploy/docker/Dockerfile.gateway-macos \ --build-arg OPENSHELL_CARGO_VERSION="${{ needs.compute-versions.outputs.cargo_version }}" \ + --build-arg OPENSHELL_IMAGE_TAG="${{ needs.compute-versions.outputs.source_sha }}" \ --build-arg CARGO_TARGET_CACHE_SCOPE="${{ github.sha }}" \ --target binary \ --output type=local,dest=out/ \ diff --git a/deploy/docker/Dockerfile.gateway-macos b/deploy/docker/Dockerfile.gateway-macos index 4cae2f0e7..92bbd2d27 100644 --- a/deploy/docker/Dockerfile.gateway-macos +++ b/deploy/docker/Dockerfile.gateway-macos @@ -93,7 +93,10 @@ RUN touch crates/openshell-core/src/lib.rs \ crates/openshell-core/build.rs \ proto/*.proto +# Declare version ARGs here (not earlier) so the git-hash-bearing values do not +# invalidate the expensive dependency-build layers above on every commit. ARG OPENSHELL_CARGO_VERSION +ARG OPENSHELL_IMAGE_TAG RUN --mount=type=cache,id=cargo-registry-gateway-macos,sharing=locked,target=/root/.cargo/registry \ --mount=type=cache,id=cargo-git-gateway-macos,sharing=locked,target=/root/.cargo/git \ --mount=type=cache,id=cargo-target-gateway-macos-${CARGO_TARGET_CACHE_SCOPE},sharing=locked,target=/build/target \