"""Task 5: CI and Docker Build Integration — MEDIUM-HARD. Agent debugs combined workflow + Docker build integration failures: - Missing Buildx for multi-platform - Docker login needs secrets in env block - Build context path mismatch - Cache configuration errors - Missing Docker login before push """ from server.models import TaskDifficulty from server.tasks.base import BaseTask class CIDockerIntegrationTask(BaseTask): NAME = "CI and Docker Build Integration" DESCRIPTION = "Debug combined workflow and Docker build integration failures" DIFFICULTY = TaskDifficulty.MEDIUM AVAILABLE_SECRETS = ["DOCKER_USERNAME", "DOCKER_PASSWORD", "GITHUB_TOKEN"] SCENARIOS = [ # Scenario 1: Missing Buildx setup for multi-platform build { "id": "missing_buildx_for_platforms", "files": [ { "path": ".github/workflows/build.yml", "type": "workflow", "content": ( "name: Multi-platform Build\n" "on: push\n" "\n" "jobs:\n" " build:\n" " runs-on: ubuntu-latest\n" " steps:\n" " - uses: actions/checkout@v4\n" " - name: Build multi-platform\n" " uses: docker/build-push-action@v5\n" " with:\n" " context: .\n" " platforms: linux/amd64,linux/arm64\n" " push: false" ), }, { "path": "Dockerfile", "type": "dockerfile", "content": ( "FROM python:3.11-slim\n" "WORKDIR /app\n" "COPY . .\n" 'CMD ["python", "app.py"]' ), }, ], "error": { "phase": "docker_build", "message": ( "ERROR: Multi-platform build is not supported for the docker driver. " "Switch to a different driver, or turn on the containerd image store." ), "exit_code": 1, "failed_step": "Build multi-platform", }, "expected_fixes": [ { "file": ".github/workflows/build.yml", "type": "contains", "expected": "docker/setup-buildx-action", "hint": "Multi-platform builds require Docker Buildx setup step", } ], }, # Scenario 2: build-push-action without load:true, next step can't find image { "id": "missing_load_true", "files": [ { "path": ".github/workflows/build.yml", "type": "workflow", "content": ( "name: Build and Test\n" "on: push\n" "\n" "jobs:\n" " build:\n" " runs-on: ubuntu-latest\n" " steps:\n" " - uses: actions/checkout@v4\n" " - name: Set up Docker Buildx\n" " uses: docker/setup-buildx-action@v3\n" " - name: Build image\n" " uses: docker/build-push-action@v5\n" " with:\n" " context: .\n" " push: false\n" " tags: myapp:test\n" " - name: Run tests\n" " run: docker run myapp:test pytest" ), }, { "path": "Dockerfile", "type": "dockerfile", "content": ( "FROM python:3.11-slim\n" "WORKDIR /app\n" "COPY . .\n" "RUN pip install pytest\n" 'CMD ["python", "app.py"]' ), }, ], "error": { "phase": "docker_build", "message": ( "Unable to find image 'myapp:test' locally. " "docker: Error response from daemon: pull access denied for myapp." ), "exit_code": 1, "failed_step": "Run tests", }, "expected_fixes": [ { "file": ".github/workflows/build.yml", "type": "contains", "expected": "load: true", "hint": "build-push-action with Buildx doesn't load images into local Docker daemon by default — add 'load: true'", } ], }, # Scenario 3: Build context path wrong — using subdirectory but context is . { "id": "wrong_build_context", "files": [ { "path": ".github/workflows/build.yml", "type": "workflow", "content": ( "name: Build Backend\n" "on: push\n" "\n" "jobs:\n" " build:\n" " runs-on: ubuntu-latest\n" " steps:\n" " - uses: actions/checkout@v4\n" " - name: Build backend\n" " uses: docker/build-push-action@v5\n" " with:\n" " context: ./backend\n" " file: ./Dockerfile\n" " push: false" ), }, { "path": "Dockerfile", "type": "dockerfile", "content": ( "FROM python:3.11-slim\n" "WORKDIR /app\n" "COPY requirements.txt .\n" "RUN pip install -r requirements.txt\n" "COPY . .\n" 'CMD ["python", "app.py"]' ), }, { "path": "requirements.txt", "type": "requirements", "content": "flask==2.3.0", }, ], "error": { "phase": "docker_build", "message": ( "unable to prepare context: path \"./Dockerfile\" not found — " "Dockerfile path does not match build context" ), "exit_code": 1, "failed_step": "Build backend", }, "expected_fixes": [ { "file": ".github/workflows/build.yml", "type": "contains", "expected": "file: ./backend/Dockerfile", "hint": "When context is ./backend, the Dockerfile path must be relative to repo root: ./backend/Dockerfile", } ], }, # Scenario 4: Cache export without mode=max { "id": "cache_without_mode_max", "files": [ { "path": ".github/workflows/build.yml", "type": "workflow", "content": ( "name: Build with Cache\n" "on: push\n" "\n" "jobs:\n" " build:\n" " runs-on: ubuntu-latest\n" " steps:\n" " - uses: actions/checkout@v4\n" " - name: Set up Docker Buildx\n" " uses: docker/setup-buildx-action@v3\n" " - name: Build\n" " uses: docker/build-push-action@v5\n" " with:\n" " context: .\n" " push: false\n" " cache-from: type=gha\n" " cache-to: type=gha" ), }, { "path": "Dockerfile", "type": "dockerfile", "content": ( "FROM python:3.9-slim\n" "WORKDIR /app\n" "COPY . .\n" 'CMD ["python", "app.py"]' ), }, ], "error": { "phase": "docker_build", "message": ( "ERROR: cache export feature is currently not supported for docker driver. " "Please switch to a different driver" ), "exit_code": 1, "failed_step": "Build", }, "expected_fixes": [ { "file": ".github/workflows/build.yml", "type": "contains", "expected": "cache-to: type=gha,mode=max", "hint": "GHA cache needs mode=max for proper cache export", } ], }, # Scenario 5: Push without login { "id": "push_without_login", "files": [ { "path": ".github/workflows/build.yml", "type": "workflow", "content": ( "name: Build and Push\n" "on:\n" " push:\n" " tags: ['v*']\n" "\n" "jobs:\n" " build:\n" " runs-on: ubuntu-latest\n" " steps:\n" " - uses: actions/checkout@v4\n" " - name: Build image\n" " run: docker build -t myuser/myapp:${{ github.ref_name }} .\n" " - name: Push image\n" " run: docker push myuser/myapp:${{ github.ref_name }}" ), }, { "path": "Dockerfile", "type": "dockerfile", "content": ( "FROM python:3.11-slim\n" "WORKDIR /app\n" "COPY . .\n" 'CMD ["python", "app.py"]' ), }, ], "error": { "phase": "push", "message": "denied: requested access to the resource is denied — not logged in to registry", "exit_code": 1, "failed_step": "Push image", }, "expected_fixes": [ { "file": ".github/workflows/build.yml", "type": "contains", "expected": "docker login", "hint": "Add a Docker login step before pushing to a registry", }, ], }, ]