fix(ci): build all container images to GHCR before E2E tests

Move Gate 7 container builds (base images T1→T2→T3 + app images) to run right after Gate 1 instead of after Gate 3. Gate 2 (E2E) now depends on container-build-apps completing, so the smoke stack pulls prod images from GHCR — no special E2E images, same images used everywhere. - container-base-tier1 needs gate-1-complete (was gate-3-complete) - container-build-apps runs on all events including PRs - All images push: true unconditionally (E2E needs them in GHCR) - E2E just logs into GHCR, smoke compose pulls via image: directives - Added dbal + dbal-init to Gate 7 app matrix https://claude.ai/code/session_01ChKf8wbKQLBcNbBCtqCwT6
2026-04-24 13:54:57 +00:00 · 2026-03-11 21:03:24 +00:00
parent d7816b09be
commit 659324c823
2 changed files with 24 additions and 10 deletions
--- a/.github/workflows/gated-pipeline.yml
+++ b/.github/workflows/gated-pipeline.yml
@@ -654,13 +654,13 @@ jobs:
          path: gate-artifacts/

  # ============================================================================
-  # GATE 2: Testing Gates
+  # GATE 2: Testing Gates (runs after container images are published to GHCR)
  # ============================================================================

  gate-2-start:
    name: "Gate 2: Testing - Starting"
    runs-on: ubuntu-latest
-    needs: gate-1-complete
+    needs: [gate-1-complete, container-build-apps]
    steps:
      - name: Gate 2 checkpoint
        run: |
@@ -759,6 +759,13 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@v6

+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v4
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
      - name: Setup npm with Nexus
        uses: ./.github/actions/setup-npm
        with:
@@ -777,7 +784,7 @@ jobs:
          else
            echo "::warning::No playwright.config.ts found — E2E tests not configured"
          fi
-        timeout-minutes: 10
+        timeout-minutes: 15

      - name: Upload test results
        if: always()
@@ -1311,8 +1318,8 @@ jobs:
  container-base-tier1:
    name: "Gate 7 T1: ${{ matrix.image }}"
    runs-on: ubuntu-latest
-    needs: gate-3-complete
-    if: github.event_name != 'pull_request' && github.event_name != 'issues' && github.event_name != 'issue_comment'
+    needs: gate-1-complete
+    if: github.event_name != 'issues' && github.event_name != 'issue_comment'
    strategy:
      fail-fast: false
      matrix:
@@ -1363,7 +1370,7 @@ jobs:
          context: .
          file: ${{ matrix.dockerfile }}
          platforms: ${{ matrix.platforms }}
-          push: ${{ github.event_name != 'pull_request' }}
+          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha,scope=${{ matrix.image }}
@@ -1431,7 +1438,7 @@ jobs:
          context: .
          file: ${{ matrix.dockerfile }}
          platforms: ${{ matrix.platforms }}
-          push: ${{ github.event_name != 'pull_request' }}
+          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha,scope=${{ matrix.image }}
@@ -1490,7 +1497,7 @@ jobs:
          context: .
          file: ./deployment/base-images/Dockerfile.devcontainer
          platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
+          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha,scope=devcontainer
@@ -1512,7 +1519,7 @@ jobs:
    name: "Gate 7 App: ${{ matrix.image }}"
    runs-on: ubuntu-latest
    needs: [container-base-tier1]
-    if: github.event_name != 'pull_request' && github.event_name != 'issues' && github.event_name != 'issue_comment' && !failure()
+    if: github.event_name != 'issues' && github.event_name != 'issue_comment' && !failure()
    strategy:
      fail-fast: false
      matrix:
@@ -1538,6 +1545,12 @@ jobs:
          - image: exploded-diagrams
            context: .
            dockerfile: ./frontends/exploded-diagrams/Dockerfile
+          - image: dbal
+            context: ./dbal
+            dockerfile: ./dbal/production/build-config/Dockerfile
+          - image: dbal-init
+            context: .
+            dockerfile: ./deployment/config/dbal/Dockerfile.init
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
@@ -1571,7 +1584,7 @@ jobs:
        with:
          context: ${{ matrix.context }}
          file: ${{ matrix.dockerfile }}
-          push: ${{ github.event_name != 'pull_request' }}
+          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha,scope=${{ matrix.image }}