From b7e920b26d779b549e1a6144bca8dbe086b63142 Mon Sep 17 00:00:00 2001 From: nodiscc Date: Wed, 22 Nov 2023 16:38:06 +0100 Subject: [PATCH] github actions: don't attempt to push docker image from forks - only push the docker image to the ghcr registry when on the original shaarli/Shaarli fork - only run trivy docker image scans on the original shaarli/Shaarli fork - prevents 'Username and password required' errors when committing to forks which do not have the required CI secrets (registry username/password) set --- .github/workflows/docker-latest.yml | 5 ++++- .github/workflows/docker-tags.yml | 7 ++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker-latest.yml b/.github/workflows/docker-latest.yml index 76f797063..af2d75e33 100644 --- a/.github/workflows/docker-latest.yml +++ b/.github/workflows/docker-latest.yml @@ -12,11 +12,13 @@ jobs: uses: docker/setup-buildx-action@v2 - name: Login to DockerHub + if: github.repository == 'shaarli/Shaarli' uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry + if: github.repository == 'shaarli/Shaarli' uses: docker/login-action@v2 with: registry: ghcr.io @@ -34,7 +36,7 @@ jobs: uses: docker/build-push-action@v4 with: context: . - push: true + push: ${{ github.repository == 'shaarli/Shaarli' }} platforms: linux/amd64,linux/arm64,linux/arm/v7 tags: | ${{ secrets.DOCKER_IMAGE }}:latest @@ -42,4 +44,5 @@ jobs: - name: Image digest run: echo ${{ steps.docker_build.outputs.digest }} - name: Run trivy scanner on latest docker image + if: github.repository == 'shaarli/Shaarli' run: make test_trivy_docker TRIVY_EXIT_CODE=0 TRIVY_TARGET_DOCKER_IMAGE=ghcr.io/${{ secrets.DOCKER_IMAGE }}:latest diff --git a/.github/workflows/docker-tags.yml b/.github/workflows/docker-tags.yml index b9412f525..e21e228d8 100644 --- a/.github/workflows/docker-tags.yml +++ b/.github/workflows/docker-tags.yml 
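Review bot: The `if: github.repository == 'shaarli/Shaarli'` guard on the two login steps checks only which repository the run belongs to, not which event started it. The `on:` triggers are outside the hunk, but if this workflow can run for a pull request opened from a fork, `github.repository` is still the base repository while secrets are withheld, so both logins would run with empty credentials and fail with the same error. Adding the event to the condition covers that case, e.g. `if: github.repository == 'shaarli/Shaarli' && github.event_name != 'pull_request'`. The login steps in docker-tags.yml use the same guard.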
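Review bot: With `push: ${{ github.repository == 'shaarli/Shaarli' }}` the build step still runs on forks, and its `tags:` are built from `secrets.DOCKER_IMAGE`, which is presumably unset there like the registry credentials. An empty secret would render the tag as `:latest`, which is likely to be rejected as an invalid image reference before the `push` setting matters. Either give the tag a non-secret fallback for fork builds or skip publishing at the job level with a single `if: github.repository == 'shaarli/Shaarli'`, which would also replace the per-step guards. The build step in the second hunk of docker-tags.yml has the same shape.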
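Review bot: The trivy step scans `ghcr.io/${{ secrets.DOCKER_IMAGE }}:latest`, a mutable tag, rather than the image this run just built, so a concurrent push could make the report describe a different image. The build step already exposes the digest, so the target can be pinned with `TRIVY_TARGET_DOCKER_IMAGE=ghcr.io/${{ secrets.DOCKER_IMAGE }}@${{ steps.docker_build.outputs.digest }}`, assuming the make target passes the value straight to trivy. The scan also runs after the push and with `TRIVY_EXIT_CODE=0`, so findings never block publication. If that is intentional, a comment such as `# advisory scan: image is already published, findings do not fail the job` would record it.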
@@ -18,12 +18,13 @@ jobs: uses: docker/setup-buildx-action@v2 - name: Login to DockerHub + if: github.repository == 'shaarli/Shaarli' uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Login to GitHub Container Registry + - name: Login to GitHub Container Registry + if: github.repository == 'shaarli/Shaarli' uses: docker/login-action@v2 with: registry: ghcr.io @@ -34,7 +35,7 @@ jobs: id: docker_build uses: docker/build-push-action@v3 with: - push: true + push: ${{ github.repository == 'shaarli/Shaarli' }} platforms: linux/amd64,linux/arm/v7 tags: | ${{ secrets.DOCKER_IMAGE }}:${{ env.REF }}
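Review bot: The login steps that receive `DOCKERHUB_TOKEN` and the build step reference third-party actions by mutable major tags (`docker/login-action@v2`, `docker/build-push-action@v3`), so whatever those tags point to at run time executes with the registry credentials. Pinning each to a full commit SHA with the version in a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v2`, removes that dependency on the tag; the placeholder is to be filled in from the action's release. This file also stays on `build-push-action@v3` while docker-latest.yml uses `@v4`, and aligning them would keep the two publishing paths on the same action code. Both hunks start mid-step, so the step names and the job header are outside the view.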