ci: add Docker image pull validation job (Phase 2)

- Add image-pull job to .gitea/workflows/ci.yml that detects image changes in *.nomad.hcl files on PRs and pulls each changed image - Remove act-runner labels config — default runner already uses docker.gitea.com/runner-images:ubuntu-latest which has docker CLI - Remove CONFIG_FILE env var from act-runner (no longer needed) - Mark Phase 2 complete in cicd-plan.md
2026-04-19 17:55:17 +10:00
parent 1b73fda11f
commit c14350f135
3 changed files with 37 additions and 15 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -52,3 +52,39 @@ jobs:
            echo "==> $f"
            nomad job validate "$f"
          done
+
+  image-pull:
+    name: Docker image pull validation
+    runs-on: ubuntu-latest
+    # Only run on PRs that touch nomad job specs
+    if: github.event_name == 'pull_request'
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Pull changed images
+        run: |
+          git fetch origin ${{ github.base_ref }}
+          IMAGES=$(git diff origin/${{ github.base_ref }}...HEAD -- '*.nomad.hcl' \
+            | grep '^+\s*image\s*=' \
+            | grep -oP '"[^"]+:[^"]+"' \
+            | tr -d '"' \
+            | sort -u)
+
+          if [ -z "$IMAGES" ]; then
+            echo "No image changes detected, skipping pull."
+            exit 0
+          fi
+
+          FAILED=0
+          while IFS= read -r image; do
+            echo "==> Pulling $image"
+            if ! docker pull "$image"; then
+              echo "ERROR: Failed to pull $image"
+              FAILED=1
+            fi
+          done <<< "$IMAGES"
+
+          exit $FAILED