|
1 | 1 | permissions: |
2 | 2 | contents: read |
3 | 3 | packages: write |
| 4 | + pull-requests: write |
4 | 5 |
|
5 | 6 | name: Build, Test & Deploy |
6 | 7 |
|
|
41 | 42 | DOCKER_IMAGE_NAME: ${{ github.repository }} |
42 | 43 | # Push only on non-PR events (push to main/tags, workflow_dispatch) |
43 | 44 | PUSH: ${{ toJSON(github.event_name != 'pull_request') }} |
| 45 | + # Push PR image only for PRs from the same repository |
| 46 | + PUSH_PR_IMAGE: |
| 47 | + ${{ toJSON(github.event_name == 'pull_request' && |
| 48 | + github.event.pull_request.head.repo.full_name == github.repository) }} |
44 | 49 | steps: |
45 | 50 | # Set up Docker Environment |
46 | 51 | - uses: actions/checkout@v4 |
|
89 | 94 | echo "Actor: $GITHUB_ACTOR" |
90 | 95 | echo "Event: $GITHUB_EVENT_NAME" |
91 | 96 | echo "Ref: $GITHUB_REF" |
| 97 | + echo "PUSH: ${{ env.PUSH }}" |
| 98 | + echo "PR: ${{ env.PUSH_PR_IMAGE }}" |
92 | 99 | - name: Login to GitHub Container Registry |
93 | | - if: ${{ fromJSON(env.PUSH) }} |
| 100 | + if: ${{ fromJSON(env.PUSH) || fromJSON(env.PUSH_PR_IMAGE) }} |
94 | 101 | uses: docker/login-action@v3 |
95 | 102 | with: |
96 | 103 | registry: ghcr.io |
@@ -125,3 +132,74 @@ jobs: |
125 | 132 | cache-to: type=local,dest=/tmp/.buildx-cache,mode=max |
126 | 133 | labels: ${{ steps.docker_meta_public.outputs.labels }} |
127 | 134 | tags: ${{ steps.docker_meta_public.outputs.tags }} |
| 135 | + |
| 136 | + - name: Docker meta for PR image |
| 137 | + if: ${{ fromJSON(env.PUSH_PR_IMAGE) }} |
| 138 | + id: docker_meta_pr |
| 139 | + uses: crazy-max/ghaction-docker-meta@v1 |
| 140 | + with: |
| 141 | + images: | |
| 142 | + ghcr.io/tecnativa/docker-whitelist-gateway-service |
| 143 | + tags: | |
| 144 | + type=raw,value=pr-${{ github.event.pull_request.number }} |
| 145 | + type=raw,value=pr-${{ github.event.pull_request.number }}-${{ github.sha }} |
| 146 | +
|
| 147 | + - name: Build and push PR image to GHCR |
| 148 | + if: ${{ fromJSON(env.PUSH_PR_IMAGE) }} |
| 149 | + uses: docker/build-push-action@v4 |
| 150 | + with: |
| 151 | + context: . |
| 152 | + file: ./Dockerfile |
| 153 | + platforms: | |
| 154 | + linux/386 |
| 155 | + linux/amd64 |
| 156 | + linux/arm64 |
| 157 | + load: false |
| 158 | + push: true |
| 159 | + provenance: false |
| 160 | + cache-from: type=local,src=/tmp/.buildx-cache |
| 161 | + cache-to: type=local,dest=/tmp/.buildx-cache,mode=max |
| 162 | + labels: ${{ steps.docker_meta_pr.outputs.labels }} |
| 163 | + tags: ${{ steps.docker_meta_pr.outputs.tags }} |
| 164 | + |
| 165 | + - name: Comment PR with test image |
| 166 | + if: ${{ fromJSON(env.PUSH_PR_IMAGE) }} |
| 167 | + uses: actions/github-script@v7 |
| 168 | + with: |
| 169 | + script: | |
| 170 | + const pr = context.payload.pull_request.number; |
| 171 | + const owner = context.repo.owner; |
| 172 | + const repo = context.repo.repo; |
| 173 | + const image = `ghcr.io/tecnativa/docker-whitelist-gateway-service:pr-${pr}`; |
| 174 | + const marker = "<!-- pr-test-image-comment -->"; |
| 175 | + const body = `${marker} |
| 176 | + Test image published: |
| 177 | + \`${image}\``; |
| 178 | +
|
| 179 | + const { data: comments } = await github.rest.issues.listComments({ |
| 180 | + owner, |
| 181 | + repo, |
| 182 | + issue_number: pr, |
| 183 | + per_page: 100, |
| 184 | + }); |
| 185 | +
|
| 186 | + const existing = comments.find(comment => |
| 187 | + comment.user?.type === "Bot" && |
| 188 | + comment.body?.includes(marker) |
| 189 | + ); |
| 190 | +
|
| 191 | + if (existing) { |
| 192 | + await github.rest.issues.updateComment({ |
| 193 | + owner, |
| 194 | + repo, |
| 195 | + comment_id: existing.id, |
| 196 | + body, |
| 197 | + }); |
| 198 | + } else { |
| 199 | + await github.rest.issues.createComment({ |
| 200 | + owner, |
| 201 | + repo, |
| 202 | + issue_number: pr, |
| 203 | + body, |
| 204 | + }); |
| 205 | + } |
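Review bot: `pull-requests: write` is added to the top-level `permissions:` block (new line 4), so every job in the workflow receives it alongside `packages: write`, although only the "Comment PR with test image" step needs it. A job-level `permissions:` on the job that pushes and comments would keep the rest of the workflow read-only. The new steps also reference `crazy-max/ghaction-docker-meta@v1`, `docker/build-push-action@v4` and `actions/github-script@v7` by mutable tag while that token is in scope; pinning each to a full commit SHA, e.g. `uses: actions/github-script@<full-commit-sha> # v7`, means a moved tag cannot change what runs with those scopes. Separately, on `pull_request` events `github.sha` is the temporary merge commit, so the `pr-<number>-<sha>` tag (new line 145) does not name a commit on the PR branch; `github.event.pull_request.head.sha` would make the pushed image traceable to the reviewed code.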