From c4320a255adb91f36e06d446756f97a13fa6c2b4 Mon Sep 17 00:00:00 2001
From: johndoe6345789 <john.doe6345789@gmail.com>
Date: Fri, 13 Mar 2026 22:25:59 +0000
Subject: [PATCH] perf(ci): skip base image builds when tag already exists in
 GHCR

Add a 'Check if image already exists in GHCR' step to tier1 and tier2
base image jobs. After GHCR login, inspect the branch-tagged manifest
and set exists=true if found. The metadata extract, build-push, and
attestation steps are all gated on exists != 'true', so subsequent
pushes that haven't changed Dockerfiles skip the 30-60 min conan/apt/
node/pip/android builds entirely.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/workflows/gated-pipeline.yml | 32 ++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/.github/workflows/gated-pipeline.yml b/.github/workflows/gated-pipeline.yml
index 3aae366eb..887bd187a 100644
--- a/.github/workflows/gated-pipeline.yml
+++ b/.github/workflows/gated-pipeline.yml
@@ -1403,8 +1403,22 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Check if image already exists in GHCR
+        id: check
+        shell: bash
+        run: |
+          IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.image }}:${{ github.ref_name }}"
+          if docker manifest inspect "$IMAGE" > /dev/null 2>&1; then
+            echo "exists=true" >> "$GITHUB_OUTPUT"
+            echo "Image $IMAGE already exists — skipping build"
+          else
+            echo "exists=false" >> "$GITHUB_OUTPUT"
+            echo "Image $IMAGE not found — will build"
+          fi
+
       - name: Extract metadata (tags, labels)
         id: meta
+        if: steps.check.outputs.exists != 'true'
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.image }}
@@ -1418,6 +1432,7 @@ jobs:
 
       - name: Build and push Docker image
         id: build
+        if: steps.check.outputs.exists != 'true'
         uses: docker/build-push-action@v6
         with:
           context: .
@@ -1433,6 +1448,7 @@ jobs:
             VCS_REF=${{ github.sha }}
 
       - name: Generate artifact attestation
+        if: steps.check.outputs.exists != 'true'
         uses: actions/attest-build-provenance@v4
         with:
           subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.image }}
@@ -1471,8 +1487,22 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Check if image already exists in GHCR
+        id: check
+        shell: bash
+        run: |
+          IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.image }}:${{ github.ref_name }}"
+          if docker manifest inspect "$IMAGE" > /dev/null 2>&1; then
+            echo "exists=true" >> "$GITHUB_OUTPUT"
+            echo "Image $IMAGE already exists — skipping build"
+          else
+            echo "exists=false" >> "$GITHUB_OUTPUT"
+            echo "Image $IMAGE not found — will build"
+          fi
+
       - name: Extract metadata (tags, labels)
         id: meta
+        if: steps.check.outputs.exists != 'true'
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.image }}
@@ -1486,6 +1516,7 @@ jobs:
 
       - name: Build and push Docker image
         id: build
+        if: steps.check.outputs.exists != 'true'
         uses: docker/build-push-action@v6
         with:
           context: .
@@ -1502,6 +1533,7 @@ jobs:
             VCS_REF=${{ github.sha }}
 
       - name: Generate artifact attestation
+        if: steps.check.outputs.exists != 'true'
         uses: actions/attest-build-provenance@v4
         with:
           subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.image }}