Background

Our workflows as they are currently designed have become a pain point for engineers. The current way we call buildx builds can cause CI failures on new images when they fail to load into the local Docker image cache for testing. Products are also very difficult to rebuild after initial release, regardless of whether they are the latest version or an older version with a vulnerability to patch. With some refactoring, we should be able to make our Workflows more reliable, stable, and easy to use.

Goals

• Rebuild release images weekly
• Create a reusable Docker build/test/scan/push workflow that can be called by our other workflows
• Utilize official Github Actions where possible
• Ensure novel builds can still be tested and scanned prior to push
• Allow for products to more easily define different R/Python version combinations in image builds