feat: only build and push where permissions are (#181)

cpb8010 · Copilot · web-flow · commit 9f8defe0dfa2 · 2025-09-09T15:29:04.000+03:00
* feat: only build and push where permissions are

Also allow this to be run manually in case you aren't merging to main or
have forked this repo to a different name within the matter-labs org
that does have the needed docker permissions.

* Update .github/workflows/push-oidc-containers.yml

love it

Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;

---------

Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/.github/workflows/push-oidc-containers.yml b/.github/workflows/push-oidc-containers.yml
@@ -10,6 +10,7 @@ on:
   pull_request:
     branches:
       - main
+  workflow_dispatch:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
@@ -19,6 +20,9 @@ jobs:
   build-push-image:
     name: Build and push Docker image
     runs-on: [matterlabs-ci-runner]
+    # Only run docker build/push for the main repository, not forks
+    # Allow manual dispatch from any repository
+    if: github.repository == 'matter-labs/zksync-sso'
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
@@ -39,7 +43,7 @@ jobs:
           elif [[ "${{ github.event_name }}" == "pull_request" ]]; then
             echo "tag=none" >> $GITHUB_OUTPUT
           else
-            echo "Unsupported event ${GITHUB_EVENT_NAME} or ref ${GITHUB_REF}, only refs/heads/, refs/tags/ and pull_request are supported."
+            echo "Unsupported event ${GITHUB_EVENT_NAME} or ref ${GITHUB_REF}, only refs/heads/, refs/tags/, pull_request, and workflow_dispatch are supported."
             exit 1
           fi
 
@@ -63,7 +67,7 @@ jobs:
           context: .
           file: Dockerfile
           target: oidc-server
-          push: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')) }}
+          push: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')) || github.event_name == 'workflow_dispatch' }}
           tags: |
             matterlabs/sso-oidc-salt:${{ steps.docker_tag.outputs.tag }}
             matterlabs/sso-oidc-salt:latest
@@ -77,7 +81,7 @@ jobs:
           context: .
           file: Dockerfile
           target: key-registry
-          push: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')) }}
+          push: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')) || github.event_name == 'workflow_dispatch' }}
           tags: |
             matterlabs/sso-oidc-key-updater:${{ steps.docker_tag.outputs.tag }}
             matterlabs/sso-oidc-key-updater:latest
