From eef8aa9aebb45517039db5fbc6872c33eef2de02 Mon Sep 17 00:00:00 2001 From: Thomas Misilo Date: Wed, 20 Aug 2025 15:30:21 -0500 Subject: [PATCH] Enable building and pushing of images for PR's --- .github/workflows/reusable-docker-build.yml | 27 +++++++++------------ 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/.github/workflows/reusable-docker-build.yml b/.github/workflows/reusable-docker-build.yml index 8123149..e91e8fd 100644 --- a/.github/workflows/reusable-docker-build.yml +++ b/.github/workflows/reusable-docker-build.yml @@ -57,6 +57,7 @@ env: type=raw,value=latest,enable=${{ github.ref_name == github.event.repository.default_branch }} type=ref,event=branch,enable=${{ github.ref_name != github.event.repository.default_branch }} type=ref,event=tag + type=raw,value=pr-${{ github.event.pull_request.number }},enable=${{ github.event_name == 'pull_request' }} # Define default tag "flavor" for docker/metadata-action per # https://github.com/docker/metadata-action#flavor-input # We manage the 'latest' tag ourselves to the 'main' branch (see settings above) @@ -66,7 +67,6 @@ env: jobs: docker-build: - strategy: matrix: # Architectures / Platforms for which we will build Docker images @@ -94,7 +94,7 @@ jobs: # https://github.com/actions/checkout - name: Checkout codebase - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 # https://github.com/docker/setup-buildx-action - name: Setup Docker Buildx @@ -106,8 +106,8 @@ jobs: # https://github.com/docker/login-action - name: Login to DockerHub - # Only login if not a PR, as PRs only trigger a Docker build and not a push - if: ${{ ! matrix.isPr }} + # Only login if not from a fork + if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }} uses: docker/login-action@v3.5.0 with: username: ${{ secrets.DOCKER_USERNAME }} 
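Review bot: The added `type=raw,value=pr-…` tag line in the `@@ -57,6 +57,7 @@` hunk means images built from unmerged pull-request code are published next to `latest` and the release tags, under a tag that is overwritten on every new push to the PR. A comment above the line should say so, for example `# pr-<number>: mutable image built from unreviewed PR code; never deploy it or use it as a base image`. docker/metadata-action also has a built-in `type=ref,event=pr` rule that yields the same `pr-<number>` tag without the hand-written `enable=` expression. The enclosing tags value starts outside the hunk, and no cleanup of these tags after a PR closes is visible in this patch.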
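Review bot: The new `if:` on the `Login to DockerHub` step (`@@ -106,8 +106,8 @@`) treats every event other than `pull_request` as trusted, and the same expression is repeated on `push:` in the `@@ -133,24 +133,23 @@` hunk. If a caller of this reusable workflow is ever triggered by `pull_request_target`, the first half of the condition is true, so login and push would run with the DockerHub secrets on a fork-originated event. The callers are not visible here, so this needs checking. Same-repository PRs opened by Dependabot also pass the check but do not receive the regular Actions secrets, so the login step would likely fail on them. Consider appending `&& github.actor != 'dependabot[bot]'` to the same-repo half of both expressions, and adding a comment such as `# Callers must not use pull_request_target: this gate only recognises pull_request`.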
@@ -133,24 +133,23 @@ jobs: context: ${{ inputs.dockerfile_context }} file: ${{ inputs.dockerfile_path }} platforms: ${{ matrix.arch }} - # For pull requests, we run the Docker build (to ensure no PR changes break the build), - # but we ONLY do an image push to DockerHub if it's NOT a PR - push: ${{ ! matrix.isPr }} + # push if NOT a PR OR if it’s a same-repo PR + push: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }} # Use tags / labels provided by 'docker/metadata-action' above tags: ${{ steps.meta_build.outputs.tags }} labels: ${{ steps.meta_build.outputs.labels }} # Export the digest of Docker build locally (for non PRs only) - name: Export Docker build digest - if: ${{ ! matrix.isPr }} + if: ${{ !matrix.isPr }} run: | - mkdir -p /tmp/digests - digest="${{ steps.docker_build.outputs.digest }}" - touch "/tmp/digests/${digest#sha256:}" + mkdir -p /tmp/digests + digest="${{ steps.docker_build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" # Upload digest to an artifact, so that it can be used in manifest below - name: Upload Docker build digest to artifact - if: ${{ ! matrix.isPr }} + if: ${{ !matrix.isPr }} uses: actions/upload-artifact@v4.6.2 with: name: digests-${{ inputs.build_id }}-${{ env.ARCH_NAME }} @@ -165,8 +164,7 @@ jobs: docker-build_manifest: if: ${{ github.event_name != 'pull_request' }} runs-on: ubuntu-latest - needs: - - docker-build + needs: docker-build steps: - name: Download Docker build digests uses: actions/download-artifact@v5.0.0 @@ -202,4 +200,3 @@ jobs: - name: Inspect image run: | docker buildx imagetools inspect ${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }} -
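Review bot: The `Export Docker build digest` and `Upload Docker build digest to artifact` steps are still gated on `!matrix.isPr`, while `push:` in the same hunk now uses the event/fork expression, so the job carries two different definitions of "is this a PR". With the `docker-build_manifest` job also skipped for `pull_request` (context of the `@@ -165,8 +164,7 @@` hunk), a same-repo PR appears to push per-architecture images without any digest export or merged manifest. `matrix.isPr` is defined outside the hunks, so confirm that this is intended. If it is, extend the step comment, for example `# Export the digest locally (non-PR builds only; PR images are pushed without a merged manifest)`.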