After today's refactor (commit 8372eea + follow-up fixes), matrix-relay
runs the single-file canonical ci.yml shape every other loco/* repo
uses: bao-checks → check → bump-prepare → build-image → bump-push.
The split bump.yml + release.yml pattern documented here previously
had two real problems flagged in the new memories:
1. Tag-as-publisher: bump.yml pushed the tag BEFORE the kaniko build
in release.yml ran, leaving a window where a build failure shipped
a tag pointing at no image (the v0.9.x "no bump; skipping build"
trap was this from the other side).
2. No CI-side validation of the image build on push — Dockerfile
breakage would only surface AFTER the tag was public.
Other today-findings folded in as cross-references:
- bump.sh v-prefix gotcha (sed strip before composing :v$VERSION)
- sccache wiring on the check step (3x speedup: 7m → 2m22s)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
9675705ec3