Fix Docker build errors when opening a PR from a fork. #36
Workflow file for this run
---
# Workflow-level settings for the CI-TEST pipeline.
name: CI-TEST

# Runs on every push, on pull requests, and on manual dispatch.
on: [push, pull_request, workflow_dispatch]

env:
  # Test image lives next to the repository in the registry: <owner>/<repo>-test
  IMAGE_NAME: ${{ github.repository }}-test
  # Starts out as the triggering ref name. A ref name may contain '/', which
  # is not valid in a Docker tag; the first job rewrites it before use.
  IMAGE_TAG: ${{ github.ref_name }}

defaults:
  run:
    # Every `run:` step uses bash and starts in /home/runner unless the step
    # overrides it.
    shell: bash
    working-directory: /home/runner
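jobs:
  # Builds and pushes the test image to ghcr.io when it is missing or when
  # the Dockerfile directory changed, then attests its provenance.
  create-test-docker-image:
    # Job-scoped token permissions. The write scopes are consumed by the
    # push and attestation steps at the end of this job.
    permissions:
      contents: read
      packages: write
      attestations: write
      id-token: write
    name: Create Test Docker image
    runs-on: ubuntu-latest
    outputs:
      NAME: ${{ env.IMAGE_NAME }}
      TAG: ${{ env.IMAGE_TAG }}
    steps:
      # NOTE(review): every `uses:` in this job references a mutable tag
      # (@v1/@v3/@v4/@v6). This job holds packages/attestations/id-token
      # write, so a retagged action would run with those scopes. Prefer
      # pinning to a full commit SHA and keeping the tag as a comment, e.g.
      #   uses: dorny/paths-filter@<full-commit-sha>  # v3
      - name: Checkout repository
        uses: actions/checkout@v4

      # Ref names, PR head refs and similar context values are chosen by
      # whoever pushes the branch or opens the PR. Expanding them with
      # `${{ }}` inside `run:` pastes them into the script text before bash
      # parses it, so shell metacharacters in a branch name would execute.
      # The run steps below read such values from environment variables
      # instead, which bash treats as data.
      - name: Escape Docker image tag
        run: |
          # IMAGE_NAME / IMAGE_TAG come from the workflow-level `env:` block.
          ESCAPED_TAG="${IMAGE_TAG//\//-}"
          echo "IMAGE_TAG=${ESCAPED_TAG}" >> "$GITHUB_ENV"
          echo "IMAGE_NAME: ${IMAGE_NAME}"
          echo "IMAGE_TAG: ${IMAGE_TAG}"

      # Fork PRs never build (see the `dockerimage` step), so they fall back
      # to the image tagged `main`.
      - name: Use 'main' Docker image tag if this is a PR from a fork
        id: origin
        shell: bash
        if: github.event.pull_request.head.repo.fork
        env:
          # NOTE(review): the original read `pull_request.repo.full_name`,
          # which does not appear to be a field of the pull_request payload
          # and would print an empty string; `head.repo.full_name` is
          # presumably what was meant - confirm.
          PR_HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}
          PR_IS_FORK: ${{ github.event.pull_request.head.repo.fork }}
        run: |
          echo "gh.pr: ${PR_HEAD_REPO}"
          echo "gh.fork: ${PR_IS_FORK}"
          echo "gh.repo: ${GITHUB_REPOSITORY}"
          echo 'IMAGE_TAG=main' >> "$GITHUB_ENV"

      - name: Check if Dockerfile has changed
        uses: dorny/paths-filter@v3
        id: changed
        with:
          base: ${{ github.ref_name }}
          filters: |
            dockerfile:
              - "appimage/test/docker/**"

      # Asks the registry for the manifest of IMAGE_NAME:IMAGE_TAG and records
      # whether the JSON response has a top-level "manifests" key.
      - name: Check if Docker image exists
        id: exists
        shell: bash
        env:
          # Hand the token over as an environment variable so it is never
          # written into the generated script file.
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          DOCKERFILE_CHANGED: ${{ steps.changed.outputs.dockerfile }}
        run: |
          declare -a HEADERS=(
            '-H' "Accept: application/vnd.oci.image.manifest.v1+json"
            '-H' "Accept: application/vnd.oci.image.index.v1+json"
            '-H' "Authorization: Bearer $(echo "${GHCR_TOKEN}" | base64)"
          )
          RESULT=$(curl "${HEADERS[@]}" "https://ghcr.io/v2/${IMAGE_NAME}/manifests/${IMAGE_TAG}")
          echo 'dockerimage<<EOF' >> "$GITHUB_OUTPUT"
          echo "${RESULT}" | jq 'has("manifests")' >> "$GITHUB_OUTPUT"
          echo 'EOF' >> "$GITHUB_OUTPUT"
          echo
          # This line prints the paths-filter result; it was labelled
          # "exists" in the original although it shows the "changed" output.
          echo "changed: ${DOCKERFILE_CHANGED}"

      # Build only for non-fork runs, and only when the Dockerfile directory
      # changed or the registry lookup reported no image.
      - name: Check if we need to build the Docker image
        id: dockerimage
        if: |
          ! github.event.pull_request.head.repo.fork &&
          (steps.changed.outputs.dockerfile == 'true' || steps.exists.outputs.dockerimage == 'false')
        run: |
          echo 'build=true' >> "$GITHUB_OUTPUT"

      # Diagnostic dump. github.head_ref in particular is set by the PR
      # author, so everything is printed from environment variables (the
      # runner's default GITHUB_* variables plus the step-level env below).
      # Trailing shell comments are sample values from the author's run.
      - name: Debug Check
        shell: bash
        env:
          CHECK_FORKED: ${{ github.event.pull_request.head.repo.fork }}
          CHECK_CHANGED: ${{ steps.changed.outputs.dockerfile }}
          CHECK_EXISTS: ${{ steps.exists.outputs.dockerimage }}
          CHECK_BUILD: ${{ steps.dockerimage.outputs.build }}
        run: |
          echo "IMAGE_NAME: ${IMAGE_NAME}"                    # <repo-owner>/<repo>-test
          echo "IMAGE_TAG: ${IMAGE_TAG}"                      # <gh.ref_name>
          echo
          echo "gh.actor: ${GITHUB_ACTOR}"                    # antoinevg
          echo "gh.trig_actor: ${GITHUB_TRIGGERING_ACTOR}"    # antoinevg
          echo "gh.repo: ${GITHUB_REPOSITORY}"                # antoinevg/packetry
          echo "gh.repo_owner: ${GITHUB_REPOSITORY_OWNER}"    # antoinevg
          echo "gh.base_ref: ${GITHUB_BASE_REF}"              #
          echo "gh.head_ref: ${GITHUB_HEAD_REF}"              #
          echo "gh.ref_name: ${GITHUB_REF_NAME}"              # antoinevg/fix-pr-403
          echo
          echo "check.forked: ${CHECK_FORKED}"                #
          echo "check.changed: ${CHECK_CHANGED}"              # true
          echo "check.exists: ${CHECK_EXISTS}"                # false
          echo
          echo "build: ${CHECK_BUILD}"

      - name: Log in to the Container registry
        if: steps.dockerimage.outputs.build
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Docker Buildx
        if: steps.dockerimage.outputs.build
        uses: docker/setup-buildx-action@v3

      - name: Build and push Docker image
        if: steps.dockerimage.outputs.build
        id: push
        uses: docker/build-push-action@v6
        with:
          context: appimage/test/docker/
          push: true
          tags: ghcr.io/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
          cache-from: type=gha, scope=${{ env.IMAGE_TAG }}
          cache-to: type=gha, scope=${{ env.IMAGE_TAG }}, mode=max

      # Binds the provenance attestation to the digest reported by the push
      # step, not to the mutable tag.
      - name: Generate artifact attestation
        if: steps.dockerimage.outputs.build
        uses: actions/attest-build-provenance@v1
        with:
          subject-name: ghcr.io/${{ env.IMAGE_NAME }}
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true

  # Runs the repository's test action inside the image selected above.
  # This job checks out and executes the ref under test as root in the
  # container with a read-only token scope; NOTE(review): that relies on the
  # trigger staying `pull_request` - a `pull_request_target` trigger would
  # run fork code with the base repository's token.
  test-remote:
    permissions:
      contents: read
      packages: read
    needs: create-test-docker-image
    name: Run test action
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/${{ needs.create-test-docker-image.outputs.NAME }}:${{ needs.create-test-docker-image.outputs.TAG }}
      options: --user root  # see: https://github.com/actions/checkout/issues/1014
      credentials:
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: Check image name & tag
        env:
          # TAG is derived from the ref name, so keep it out of the script text.
          TEST_IMAGE_NAME: ${{ needs.create-test-docker-image.outputs.NAME }}
          TEST_IMAGE_TAG: ${{ needs.create-test-docker-image.outputs.TAG }}
        run: |
          echo "NAME: ${TEST_IMAGE_NAME}"
          echo "TAG: ${TEST_IMAGE_TAG}"

      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Check environment
        run: |
          echo PATH: $PATH
          echo HOME: $HOME
          echo pwd: `pwd`
          ls -al

      - name: Test Action
        uses: ./appimage/test/
        with:
          executable: ./target/release/packetry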