Fix Docker build errors when opening a PR from a fork. #40
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| pull_request: | |
| workflow_dispatch: | |
| name: CI-TEST | |
| env: | |
| IMAGE_NAME: ${{ github.repository }} #-test | |
| IMAGE_TAG: ${{ github.ref_name }} | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: /home/runner | |
| jobs: | |
| create-test-docker-image: | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| name: Create Test Docker image | |
| runs-on: ubuntu-latest | |
| outputs: | |
| NAME: ${{ env.IMAGE_NAME }} | |
| TAG: ${{ env.IMAGE_TAG }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Escape Docker image tag | |
| run: | | |
| echo "IMAGE_TAG=$(echo ${{ env.IMAGE_TAG }} | sed -e 's/\//-/g')" >> $GITHUB_ENV | |
| echo "IMAGE_NAME: ${{ env.IMAGE_NAME }}" | |
| echo "IMAGE_TAG: ${{ env.IMAGE_TAG }}" | |
| - name: Use 'main' Docker image tag if this is a PR from a fork | |
| id: origin | |
| shell: bash | |
| if: github.event.pull_request.head.repo.fork | |
| run: | | |
| echo gh.pr: ${{ github.event.pull_request.repo.full_name }} | |
| echo gh.fork: ${{ github.event.pull_request.head.repo.fork }} | |
| echo gh.repo: ${{ github.repository }} | |
| echo 'IMAGE_TAG=main' >> $GITHUB_ENV | |
| - name: Check if Dockerfile has changed | |
| uses: dorny/paths-filter@v3 | |
| id: changed | |
| with: | |
| base: ${{ github.ref_name }} | |
| filters: | | |
| dockerfile: | |
| - "appimage/test/docker/**" | |
| - name: Check if Docker image exists | |
| id: exists | |
| shell: bash | |
| run: | | |
| declare -a HEADERS=( | |
| '-H' "Accept: application/vnd.oci.image.manifest.v1+json" | |
| '-H' "Accept: application/vnd.oci.image.index.v1+json" | |
| '-H' "Authorization: Bearer $(echo ${{ secrets.GITHUB_TOKEN }} | base64)" | |
| ) | |
| RESULT=$(curl "${HEADERS[@]}" https://ghcr.io/v2/${IMAGE_NAME}/manifests/${IMAGE_TAG}) | |
| echo 'dockerimage<<EOF' >> $GITHUB_OUTPUT | |
| echo ${RESULT} | jq 'has("manifests")' >> $GITHUB_OUTPUT | |
| echo 'EOF' >> $GITHUB_OUTPUT | |
| echo | |
| echo exists: ${{ steps.exists.outputs.dockerimage }} | |
| - name: Check if we need to build the Docker image | |
| id: dockerimage | |
| if: | | |
| ! github.event.pull_request.head.repo.fork && | |
| (steps.changed.outputs.dockerfile == 'true' || steps.exists.outputs.dockerimage == 'false') | |
| run: | | |
| echo 'build=true' >> $GITHUB_OUTPUT | |
| - name: Debug Check | |
| shell: bash | |
| run: | | |
| echo IMAGE_NAME: ${{ env.IMAGE_NAME }} # <repo-owner>/<repo>-test | |
| echo IMAGE_TAG: ${{ env.IMAGE_TAG }} # <gh.ref_name> | |
| echo | |
| echo gh.actor: ${{ github.actor }} # antoinevg antoinevg | |
| echo gh.trig_actor: ${{ github.triggering_actor }} # antoinevg antoinevg | |
| echo gh.repo: ${{ github.repository }} # antoinevg/packetry greatscottgadgets/packetry | |
| echo gh.repo_owner: ${{ github.repository_owner }} # antoinevg greatscottgadgets | |
| echo gh.base_ref: ${{ github.base_ref }} # main | |
| echo gh.head_ref: ${{ github.head_ref }} # antoinevg/fix-pr-403 | |
| echo gh.ref_name: ${{ github.ref_name }} # antoinevg/fix-pr-403 149/merge | |
| echo | |
| echo check.forked: ${{ github.event.pull_request.head.repo.fork }} # true | |
| echo check.changed: ${{ steps.changed.outputs.dockerfile }} # true true | |
| echo check.exists: ${{ steps.exists.outputs.dockerimage }} # false false | |
| echo | |
| echo build: ${{ steps.dockerimage.outputs.build }} | |
| - name: Log in to the Container registry | |
| if: steps.dockerimage.outputs.build | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| if: steps.dockerimage.outputs.build | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push Docker image | |
| if: steps.dockerimage.outputs.build | |
| id: push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: appimage/test/docker/ | |
| push: true | |
| tags: ghcr.io/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} | |
| cache-from: type=gha, scope=${{ env.IMAGE_TAG }} | |
| cache-to: type=gha, scope=${{ env.IMAGE_TAG }}, mode=max | |
| - name: Generate artifact attestation | |
| if: steps.dockerimage.outputs.build | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: ghcr.io/${{ env.IMAGE_NAME }} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true | |
| test-remote: | |
| permissions: | |
| contents: read | |
| packages: read | |
| needs: create-test-docker-image | |
| name: Run test action | |
| runs-on: ubuntu-latest | |
| container: | |
| image: ghcr.io/${{ needs.create-test-docker-image.outputs.NAME }}:${{ needs.create-test-docker-image.outputs.TAG }} | |
| options: --user root # see: https://github.com/actions/checkout/issues/1014 | |
| credentials: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Check image name & tag | |
| run: | | |
| echo "NAME: ${{ needs.create-test-docker-image.outputs.NAME }}" | |
| echo "TAG: ${{ needs.create-test-docker-image.outputs.TAG }}" | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Check environment | |
| run: | | |
| echo PATH: $PATH | |
| echo HOME: $HOME | |
| echo pwd: `pwd` | |
| ls -al | |
| - name: Test Action | |
| uses: ./appimage/test/ | |
| with: | |
| executable: ./target/release/packetry |