Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Workflow: PR Conditional Build and Push Image to Quay.io Repo #805

Closed
wants to merge 1 commit into from

Conversation

dlaw4608
Copy link
Contributor

Closes: #241

To solve the issue of pull requests (PRs) coming from forks not being able to trigger the build and push of images, a new workflow has been implemented.

Summary:

This workflow leverages the pull_request_target event and performs the build and push only if the forked_image_approved label is applied to the PR. This ensures that only approved changes can trigger the image build and push process, maintaining security for secrets.

name: PR Conditional Build and Push Image to Quay.io Repo

on:
  pull_request_target:
    types: [labeled, opened, synchronize, reopened]

jobs:
  workflow-build:
    if: ${{ github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'forked_image_approved') }}
    name: Calls build-images-base workflow
    uses: ./.github/workflows/build-images-base.yaml
    secrets: inherit
    with:
      kuadrantOperatorVersion: ${{ github.event.pull_request.user.login }}-${{ github.event.pull_request.number }}
      kuadrantOperatorTag: ${{ github.event.pull_request.user.login }}-${{ github.event.pull_request.number }} 

Verification Steps

  1. Create a Pull Request from a Fork:
  • Fork the repository and make changes that affect the Docker image build.
  • Create a pull request (PR) from the forked repository to the base repository.
  1. Apply the forked_image_approved Label:
  • As a maintainer, review the incoming PR.
  • If the changes are approved, apply the forked_image_approved label to the PR.
  1. Check Workflow Execution:
  • Verify that the PR Conditional Build and Push Image to Quay.io Repo workflow is triggered upon applying the label.
  • Ensure the workflow runs successfully, building and pushing the Docker images.
  1. Verify Image Push:
  • After the workflow completes, check the Quay.io repository.
  • Confirm that the image is built and pushed with the tags corresponding to the PR (e.g., username-PRnumber).

Should look like this:

(https://github.com/user-attachments/assets/563717f2-9442-47fb-afbe-e0a83333e8cd)

@dlaw4608 dlaw4608 self-assigned this Aug 15, 2024
…for the Quay.io Kuadrant Operator Registry

Signed-off-by: dlaw4608 <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant