mirror/bazzite
1
0
Fork 0
mirror of https://github.com/ublue-os/bazzite.git synced 2025-03-24 22:43:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(ci): Enable PR tagged images on pull request approval (#139)

Browse Source 
Submits an image to the GitHub Container Registry on pull request approval, permitting
approved pull requests to be tested before being merged.

Requires branch protection rule: 'Require approval of the most recent reviewable push'

This rule ensures that the state of a PR is reset after a new commit has been pushed to
an open pull request.
This commit is contained in:
RJ Trujillo 2023-08-13 18:33:00 -06:00 committed by GitHub
parent b3fce74a8d
commit bee119d6e5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
.github/workflows/build.yml vendored
View File

@ -10,6 +10,8 @@ on:
- '**.txt' - '**.txt'
- 'repo_content/**' - 'repo_content/**'
- 'spec_files/**' - 'spec_files/**'
pull_request_review:
type: [submitted]
push: push:
branches: branches:
- main - main
@ -26,6 +28,7 @@ env:
jobs: jobs:
push-ghcr: push-ghcr:
name: Build and push image name: Build and push image
if: github.event.review.state == 'approved' || github.event_name != 'pull_request_review'
runs-on: buildjet-2vcpu-ubuntu-2204 runs-on: buildjet-2vcpu-ubuntu-2204
permissions: permissions:
contents: read contents: read
@ -164,7 +167,7 @@ jobs:
- name: Push To GHCR - name: Push To GHCR
uses: redhat-actions/push-to-registry@v2 uses: redhat-actions/push-to-registry@v2
id: push id: push
if: github.event_name != 'pull_request' if: github.event.review.state == 'approved' || github.event_name != 'pull_request'
env: env:
REGISTRY_USER: ${{ github.actor }} REGISTRY_USER: ${{ github.actor }}
REGISTRY_PASSWORD: ${{ github.token }} REGISTRY_PASSWORD: ${{ github.token }}
@ -179,7 +182,7 @@ jobs:
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v2 uses: docker/login-action@v2
if: github.event_name != 'pull_request' if: github.event.review.state == 'approved' || github.event_name != 'pull_request'
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
@ -187,10 +190,10 @@ jobs:
# Sign container # Sign container
- uses: sigstore/cosign-installer@v3.1.1 - uses: sigstore/cosign-installer@v3.1.1
if: github.event_name != 'pull_request' if: github.event.review.state == 'approved' || github.event_name != 'pull_request'
- name: Sign container image - name: Sign container image
if: github.event_name != 'pull_request' if: github.event.review.state == 'approved' || github.event_name != 'pull_request'
run: | run: |
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS} cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS}
env: env:
@ -199,6 +202,6 @@ jobs:
COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
- name: Echo outputs - name: Echo outputs
if: github.event_name != 'pull_request' if: github.event.review.state == 'approved' || github.event_name != 'pull_request'
run: | run: |
echo "${{ toJSON(steps.push.outputs) }}" echo "${{ toJSON(steps.push.outputs) }}"