Pin docker/bake-action to fix build

.github/workflows/build.yml

@@ -55,7 +55,9 @@ jobs:
 
             - name: Build and upload to ghcr.io 📤
               id: build-upload
-              uses: docker/bake-action@v5
+              # We need to pin exact version here, since updates can break
+              # the extract-image-names.sh script
+              uses: docker/[email protected]
               with:
                   push: true
                   # Using provenance to disable default attestation so it will build only desired images:
@@ -71,9 +73,15 @@ jobs:
                       build.json
                       .github/workflows/env.hcl
 
-            - name: Set output variables
+            - name: Set output image names
               id: bake_metadata
+              # bake-action metadata output has gotten too big, so we first write it
+              # to a file. See https://github.com/aiidalab/aiidalab-docker-stack/issues/491
               run: |
-                  .github/workflows/extract-image-names.sh | tee -a "${GITHUB_OUTPUT}" | awk -F'=' '{print $2}' | jq
-              env:
-                  BAKE_METADATA: ${{ steps.build-upload.outputs.metadata }}
+                  cat << EOF > bake_metadata.json
+                  ${{ steps.build-upload.outputs.metadata }}
+                  EOF
+                  images=$(.github/workflows/extract-image-names.sh bake_metadata.json)
+                  echo "images=${images}" >> "${GITHUB_OUTPUT}"
+                  # Pretty-print for GHA logs
+                  echo "$images" | jq

.github/workflows/extract-image-names.sh

@@ -2,13 +2,14 @@
 
 set -euo pipefail
 
+metadata_file=$1
 # Extract image names together with their sha256 digests
 # from the docker/bake-action metadata output.
 # These together uniquely identify newly built images.
 
-# The input to this script is a JSON string passed via BAKE_METADATA env variable
+# The input to this script is a json file (filename passed as first parameter to the script)
 # Here's example input (trimmed to relevant bits):
-# BAKE_METADATA: {
+# {
 #    "base": {
 #      "containerimage.descriptor": {
 #        "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
@@ -35,23 +36,17 @@ set -euo pipefail
 #    }
 #  }
 #
-# Example output (real output is on one line):
+# Example output with trimmed SHAs (real output is on one line):
 #
-# images={
-#   "BASE_IMAGE": "ghcr.io/aiidalab/base@sha256:8e57a52b924b67567314b8ed3c968859cad99ea13521e60bbef40457e16f391d",
-#   "BASE_WITH_SERVICES_IMAGE": "ghcr.io/aiidalab/base-with-services@sha256:6753a809b5b2675bf4c22408e07c1df155907a465b33c369ef93ebcb1c4fec26",
-#   "FULL_STACK_IMAGE": "ghcr.io/aiidalab/full-stack@sha256:85ee91f61be1ea601591c785db038e5899d68d5fb89e07d66d9efbe8f352ee48",
-#   "LAB_IMAGE": "ghcr.io/aiidalab/lab@sha256:4d9be090da287fcdf2d4658bb82f78bad791ccd15dac9af594fb8306abe47e97"
+# {
+#   "BASE_IMAGE": "ghcr.io/aiidalab/base@sha256:8e57a52b92",
+#   "BASE_WITH_SERVICES_IMAGE": "ghcr.io/aiidalab/base-with-services@sha256:6753a809",
+#   "FULL_STACK_IMAGE": "ghcr.io/aiidalab/full-stack@sha256:85ee91f61be",
+#   "LAB_IMAGE": "ghcr.io/aiidalab/lab@sha256:4d9be090da2"
 # }
 #
 # This json output is later turned to environment variables using fromJson() GHA builtin
 # (e.g. BASE_IMAGE=ghcr.io/aiidalab/base@sha256:8e57a52b...)
 # and these are in turn read in the docker-compose.<target>.yml files for tests.
 
-if [[ -z ${BAKE_METADATA-} ]];then
-    echo "ERROR: Environment variable BAKE_METADATA is not set!"
-    exit 1
-fi
-
-images=$(echo "${BAKE_METADATA}" | jq -c '. as $base |[to_entries[] |{"key": (.key|ascii_upcase|sub("-"; "_"; "g") + "_IMAGE"), "value": [(.value."image.name"|split(",")[0]),.value."containerimage.digest"]|join("@")}] |from_entries')
-echo "images=$images"
+jq -c '. as $base |[to_entries[] |{"key": (.key|ascii_upcase|sub("-"; "_"; "g") + "_IMAGE"), "value": [(.value."image.name"|split(",")[0]),.value."containerimage.digest"]|join("@")}] |from_entries' $metadata_file