57 changes: 57 additions & 0 deletions .github/workflows/docker-e2e.yaml
@@ -0,0 +1,57 @@
name: Docker E2E Weekly

on:
# Trigger every Friday at 00:00 UTC. You can adjust the cron expression as needed.
schedule:
- cron: '0 0 * * 5'
# Allow manual triggering from the Actions tab (useful for testing).
workflow_dispatch:

jobs:
build-and-push:
runs-on:
group: scroll-reth-runner-group
permissions: {}

Comment on lines 11 to 14

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

# Read the full workflow file to understand context and checkout usage
cat -n .github/workflows/docker-e2e.yaml

Repository: scroll-tech/go-ethereum

Length of output: 2369


🏁 Script executed:

# Check if this is a public or private repository and if it has special features
git config --local --list | grep -E "url|remote"

Repository: scroll-tech/go-ethereum

Length of output: 487


🏁 Script executed:

# Search for any GitHub runner group configurations and understand the setup
fd -t f "*.yaml" ".github/" -exec grep -l "scroll-reth-runner-group" {} \;

Repository: scroll-tech/go-ethereum

Length of output: 571


🌐 Web query:

actions/checkout v4 permissions required GITHUB_TOKEN contents:read

💡 Result:

Yes — actions/checkout v4 expects the GITHUB_TOKEN to have at least contents: read. The checkout README recommends setting:

permissions:
contents: read

(Or provide an alternate token/ssh-key via the action inputs.) [1][2]

Sources:
[1] actions/checkout README (checkout v4).
[2] GitHub Docs — controlling permissions for the GITHUB_TOKEN.


🏁 Script executed:

# Search for any issues or error logs related to checkout in this workflow
# Check if workflow has ever failed
git log --oneline --all --grep="checkout" --since="2024-01-01" | head -20

Repository: scroll-tech/go-ethereum

Length of output: 164


🏁 Script executed:

# Look for any workflow run artifacts or error messages
# Check .github for any other references to permissions or checkout
rg -A 3 -B 3 "permissions" .github/

Repository: scroll-tech/go-ethereum

Length of output: 5226


Add contents: read permission for checkout to function.

actions/checkout@v4 requires the GITHUB_TOKEN to have at least contents: read scope. With permissions: {}, the action will fail to authenticate and retrieve the repository code.

Proposed fix
 jobs:
   build-and-push:
     runs-on:
       group: scroll-reth-runner-group
-    permissions: {}
+    permissions:
+      contents: read
🤖 Prompt for AI Agents
In @.github/workflows/docker-e2e.yaml around lines 11 - 15, The workflow job
"build-and-push" currently sets permissions to an empty object which prevents
actions/checkout@v4 from authenticating; update the job's permissions to include
at least "contents: read" so the GITHUB_TOKEN can fetch the repository (i.e.,
change permissions from {} to include contents: read), ensuring
actions/checkout@v4 can succeed during the run.

steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false

- name: Set up QEMU
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
with:
cache-binary: false

- name: Extract docker metadata
id: meta
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
with:
images: scrolltech/rollup-node
# Force the tag to be 'e2e-test'
tags: |
type=raw,value=e2e-test
flavor: |
latest=false

- name: Login to Docker Hub
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 #v3.4.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Build and push docker image
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
context: .
file: Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
# Use a separate cache scope to avoid polluting the production build cache
# cache-from: type=gha,scope=${{ github.workflow }}-e2e
# cache-to: type=gha,scope=${{ github.workflow }}-e2e
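Review bot: The image name in the metadata step, `images: scrolltech/rollup-node`, does not match this repository (scroll-tech/go-ethereum); confirm that the `e2e-test` tag of that image is the intended target, since with `push: true` and the Friday cron this job overwrites it on every scheduled run and on each manual `workflow_dispatch`. The rest of the job is in good shape from a supply-chain standpoint: every action is pinned to a full commit SHA with the version recorded in a trailing comment, the checkout sets `persist-credentials: false` so the token is not left behind in `.git/config`, the job-level `permissions: {}` keeps the `GITHUB_TOKEN` minimal, and Docker Hub access comes only from `secrets.DOCKERHUB_USERNAME` / `secrets.DOCKERHUB_TOKEN`. Two small points: the login-action pin comment reads `#v3.4.0` while the other pins use `# v3.4.0`, and the two commented-out `cache-from` / `cache-to` lines should either be enabled with the separate `-e2e` scope the comment describes or dropped so the intent is not ambiguous.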