Skip to content

ci: run build-test-push on all PRs, not just same-repo #39

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
yajo wants to merge 2 commits into
base: master
Choose a base branch
from
Open

ci: run build-test-push on all PRs, not just same-repo #39

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
367f1c9
ci: run build-test-push on all PRs, not just same-repo
yajo Jun 15, 2026
8ce6e42
ci: fix ghcr push credential consistency
yajo Jun 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions .github/workflows/ci.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ jobs:
- uses: pre-commit/action@v1.0.1

build-test-push:
if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository)
if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || github.event_name == 'pull_request'
runs-on: ubuntu-latest
needs: pre-commit
permissions:
Expand Down Expand Up @@ -98,8 +98,9 @@ jobs:
REGISTRY_USERNAME: ${{ env.DOCKERHUB_LOGIN }}
run: ./hooks/push
- name: Push Docker Image to GitHub Registry
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository

@ljmnoonan ljmnoonan Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I apologize for the oversight on testing and pushing test pr images in #37
However, I do not think this step should be skipped entirely for PRs from forked repos. After all, If BOT_LOGIN and BOT_TOKEN are configured there should be no problems pushing.
To do this, we can either read these BOT credentials into env and set up a check for them when the event name is a PR like

if: github.event_name != 'pull_request' | | env.BOT_TOKEN && env.BOT_LOGIN && github.event_name = 'pull_request'

Or we can just assume that a repo accepting PRs from forks (really only this one) will always have BOT_LOGIN and BOT_TOKEN configured and will never fall back to GITHUB_TOKEN

env:
REGISTRY_HOST: ghcr.io
REGISTRY_TOKEN: ${{ secrets.BOT_TOKEN || secrets.GITHUB_TOKEN }}
REGISTRY_USERNAME: ${{ secrets.BOT_LOGIN || github.repository_owner }}
REGISTRY_TOKEN: ${{ secrets.BOT_LOGIN && secrets.BOT_TOKEN || secrets.GITHUB_TOKEN }}
REGISTRY_USERNAME: ${{ secrets.BOT_TOKEN && secrets.BOT_LOGIN || github.actor }}

@ljmnoonan ljmnoonan Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I may be mistaken, but I believe using github.actor will cause problems when the fork belongs to an organization.
If I push to github.com/MyOrg/docker-postgres-autoconf, using github.actor will cause this action to try to push the container to ghcr.io/myusername/docker-postgres-autoconf instead of ghcr.io/myorg/docker-postgres-autoconf

run: ./hooks/push
Loading