Deploy container images for both main and PRs #69
Conversation
chambridge
force-pushed
the
5175-push-prs-to-quay
branch
from
5c6c1b2
to
c0d0a1d
Compare
* Add script to set the QUAY_IMAGE_TAG based on main or pull request * Update travis push-to-quay stage Related to: https://pulp.plan.io/issues/5175 fixes #5175
chambridge
force-pushed
the
5175-push-prs-to-quay
branch
from
fba295a
to
0e01be9
Compare
|
Attached issue: https://pulp.plan.io/issues/5175 |
|
@chambridge we are using github actions now, sorry about that, we need to remove travis files to avoid confusion |
|
Looks like the pull request process is all GitHub Actions 🤷 and not travis-ci (must be leftover) . I'll circle up with @mikedep333 on just extending |
|
@fao89 Thanks must have been typing at the same time 😄 I can clean up the travis files if you like as a part of this. |
it would be great! |
Add quay push PR stage.
Create latest image for ci test and tag image tag for pr.
| - name: Setting secrets | ||
| run: python3 .github/workflows/scripts/secrets.py "$SECRETS_CONTEXT" | ||
| env: | ||
| SECRETS_CONTEXT: ${{ toJson(secrets) }} |
There was a problem hiding this comment.
actually github actions don't expose secrets on PRs.
In order to protect public repositories for malicious users
we run all pull request workflows raised from repository forks
with a read-only token and no access to secrets.
https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/
There was a problem hiding this comment.
🤔 Makes sense, but seems like if we want PR images pushed into quay we either need travis-ci or a Jenkins to be able to do this.
There was a problem hiding this comment.
we migrated from travis because of their new open-source policy
There was a problem hiding this comment.
Yeah, I do not know how to overcome this security limitation.
Other than to possibly create a different quay.io account for PRs.
There was a problem hiding this comment.
I strongly object. The security limitation is there for a reason. We should not even try to overcome it.
Is the "local" registry (not doing any push) not sufficient to serve any pr?
There was a problem hiding this comment.
Fine by me. Do we want to update https://pulp.plan.io/issues/5175 to just be travis clean up or close it out with master being built?
|
Closing this out PR and associated 5175. Will open a new task for the travis clean up based on my conversation with @mikedep333 |
Related to: https://pulp.plan.io/issues/5175