Skip to content

fix: skip Docker login and push steps for fork PRs #1850

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 14, 2025
Merged

fix: skip Docker login and push steps for fork PRs #1850

merged 2 commits into from
Nov 14, 2025

Conversation

@gounthar
Copy link
Collaborator

@gounthar gounthar commented Nov 14, 2025

Summary

Fixes Docker workflow failures when running from fork PRs by skipping login and push steps that require the GHCR_TOKEN secret.

Problem

The workflow was failing with "Password required" error when running on fork PRs (like the ones from gounthar/quickstart-tutorials):

GHCR_TOKEN: 
IS_FORK: true
##[error]Password required

GitHub doesn't provide repository secrets to fork PRs for security reasons, but the workflow was attempting to login and push to GHCR regardless.

Root Cause

The workflow detects forks with the IS_FORK check but doesn't use this check to skip Docker login and image push operations:

- name: Check if PR is from a fork
  run: echo "IS_FORK=$(if [ '${{ github.event.pull_request.head.repo.full_name }}' != '${{ github.repository }}' ]; then echo 'true'; else echo 'false'; fi)" >> $GITHUB_ENV

Then later, login and build-push steps would attempt to run even when IS_FORK == 'true'.

Solution

Added && env.IS_FORK == 'false' to the condition of:

  1. Login to GHCR step (1 step)
  2. All 11 build-and-push steps for different Docker images

This ensures these steps only run when the PR is from the upstream repository, where the GHCR_TOKEN secret is available.

Impact

  • ✅ Fork PRs can now run successfully without Docker login/push failures
  • ✅ Upstream PRs continue to build and push images as before
  • ✅ No change to scheduled runs or direct pushes to branches
  • ✅ Maintains security by not attempting operations that require unavailable secrets

Testing

This fix will allow fork PRs (like those from @gounthar) to pass the Docker workflow checks.

@gounthar
fix: skip Docker login and push steps for fork PRs
adb7bb6 
Add IS_FORK check to all Docker-related steps to prevent failures when
running from fork PRs. GitHub doesn't provide GHCR_TOKEN secret to fork
PRs for security reasons, causing login and push steps to fail.

Changes:
- Skip GHCR login when IS_FORK == 'true'
- Skip all build-and-push steps when IS_FORK == 'true'

This allows fork PRs to run successfully without attempting to push
images to the upstream registry.
@github-actions github-actions bot added the repo label Nov 14, 2025
@gounthar gounthar merged commit 90b9f48 into jenkins-docs:weekly Nov 14, 2025
4 checks passed
@gounthar gounthar deleted the fix-docker-login-fork-check branch November 14, 2025 10:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

repo

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gounthar