adityamparikh opened a new pull request, #153: URL: https://github.com/apache/solr-mcp/pull/153
## Problem `build-and-publish.yml` has **never had a successful run** — it fails at *startup* with **zero jobs executed**, on every push to `main` and (as attributed) on every PR. Root cause: the `publish-docker` job uses `docker/login-action`, a third‑party action that is **not on the Apache org's GitHub Actions allow‑list**. Allow‑list rejection happens at workflow‑parse time, *before* the job's `if: github.event_name != 'pull_request'` guard is ever evaluated — so a publish job that wouldn't even run on PRs still takes the **entire workflow** down at startup, killing the `build` and `solr-compatibility` (Solr‑version matrix) jobs along with it. A prior fix (#145) SHA‑pinned the action to `650006c6…` (v4.2.0) on the assumption it was allow‑listed, but the workflow still never starts — unlike `native.yml`, whose graalvm pin (`329c42c`) genuinely is allow‑listed and now runs. ## Fix We do **not** publish images from this workflow (releases are handled by `release-publish.yml`), so rather than reauthenticate to a registry we don't use, this removes the publishing entirely: - **Remove the `publish-docker` job** (GHCR login + Jib push to GHCR/Docker Hub + summary) — this deletes the allow‑list‑blocking `docker/login-action` reference. - **Rename** the workflow `Build and Publish` → `Build and Test` (it no longer publishes). - **Drop the `tags: 'v*'` trigger**, which existed only to publish release images. - **Update the header docs** to reflect build + test; comparison notes for `release-publish.yml` / `nightly-build.yml` are left intact. Net: `20 insertions, 214 deletions`, one file. ## Result The workflow file now parses, so the next push to `main` runs `build` + `solr-compatibility` — the first green this workflow can produce. Because the (valid) `on:` block has no `pull_request` trigger, it will run on **main pushes + manual dispatch only** and stop appearing as a red ✗ on PRs; PR validation remains with `ci.yml`. ## Notes - `release-publish.yml` still references the same `docker/login-action@650006c6…` in two GHCR‑login steps. It's dormant (manual release trigger), so it isn't failing anything today, but it will hit the same startup failure whenever a release is run — worth a follow‑up (there the fix is an inline `docker login`, since releases do need to publish). 🤖 Generated with [Claude Code](https://claude.com/claude-code) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
