Puts docker-login action behind a conditional - allows outside contributors to pass CI #161
Conversation
…d supporting conditional
|
It looks like this is the only known path forward allowing outside contributors to use secrets: https://iterative.ai/blog/testing-external-contributions-using-github-actions-secrets But also, I ultimately think we don't need this - just PRs don't need to push to dockerhub at all, so they shoulnd't hit the login job. The conditional should live at a different place and block the job from proceeding beyond building the container image. We don't need container images to publish as a PR is submitted right? If we do, we can gate it behind a similar contributor/maintainer check like the above. |
…ls anyway (push is skipped unless this is a push to main)
brandonjbjelland
changed the title
brandonjbjelland
changed the title
|
@nstogner - I revised this to be simpler and smaller. All we needed was to put the action that uses secrets behind a conditional and they won't be accessed during PRs (saves us a step too). The docker build action will still run and won't push, as expected. Reference: https://github.com/docker/metadata-action/tree/v4/ |
brandonjbjelland
deleted the
feat/support-comment-and-ui-based-test-triggers
branch
What is this change?
Adds conditionals to docker-login, allowing outside contributors to get successful builds on their PRs.
Why make this change?
As we get outside contributions, it'd be great to see our entire build pipeline succeed on their PRs. This change allows us to skip the action that requires access to secrets.
Related
An example: https://github.com/docker/metadata-action/tree/v4/
#154