Skip to content

Allow Docker CI to build fork PRs#197

Open
Adri11334 wants to merge 1 commit into
beeper:mainfrom
Adri11334:fix-docker-ci-fork-prs
Open

Allow Docker CI to build fork PRs#197
Adri11334 wants to merge 1 commit into
beeper:mainfrom
Adri11334:fix-docker-ci-fork-prs

Conversation

@Adri11334

Copy link
Copy Markdown
Contributor

Summary

  • skip the private Docker registry login when registry secrets are unavailable
  • run a build-only Docker path for fork PRs without pushing an image
  • keep the existing login, cache, tag, and push behavior when registry credentials are present

Testing

  • parsed .github/workflows/deploy.yml as YAML locally
  • git diff --check
  • docker build -t matrix-line-ci-fork-pr .

Notes

Fork PRs do not receive repository secrets, so the existing build-docker job failed before building with Username and password required. This keeps the Docker build check useful for forks while preserving image pushes for trusted runs with registry credentials.

Copilot AI review requested due to automatic review settings June 29, 2026 19:43
@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 02c3ec5d-589a-4006-b385-d2ad0abfc2ac

📥 Commits

Reviewing files that changed from the base of the PR and between be98960 and 4939457.

📒 Files selected for processing (1)
  • .github/workflows/deploy.yml
📜 Recent review details
⏰ Context from checks skipped due to timeout. (2)
  • GitHub Check: build-docker
  • GitHub Check: Lint with 1.25
🧰 Additional context used
🪛 zizmor (1.26.1)
.github/workflows/deploy.yml

[warning] 77-77: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)

🔇 Additional comments (1)
.github/workflows/deploy.yml (1)

77-77: 🔒 Security & Privacy

Remove the persist-credentials warning here. .dockerignore already excludes .git, and this workflow doesn’t use Git auth after checkout, so context: . won’t expose the checkout token.

			> Likely an incorrect or invalid review comment.

📝 Walkthrough

Summary by CodeRabbit

  • Bug Fixes
    • Improved the deployment workflow to handle missing Docker registry credentials gracefully.
    • Docker images are now built without publishing when credentials aren’t available, and pushed only when authentication is present.

Walkthrough

The build-docker CI job in deploy.yml gains a HAS_DOCKER_REGISTRY_CREDS environment flag computed from secret availability. Registry login, Docker build-only, and Docker build-and-push steps are each conditionally gated on that flag.

Changes

Conditional Docker Registry Auth

Layer / File(s) Summary
Conditional registry login and push steps
.github/workflows/deploy.yml
Adds HAS_DOCKER_REGISTRY_CREDS env var; registry login step runs only when credentials are present; a build-only step runs when credentials are absent; the existing build-and-push step runs only when credentials are present.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related issues

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly reflects the main change: enabling Docker CI to build forked pull requests.
Description check ✅ Passed The description accurately matches the workflow change and its fork-PR Docker build behavior.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the CI GitHub Actions workflow to allow fork pull requests (which do not receive repository secrets) to still run a meaningful Docker build check, while preserving the existing login/cache/tag/push behavior for trusted runs where registry credentials are available.

Changes:

  • Adds a HAS_DOCKER_REGISTRY_CREDS job env flag derived from registry secrets.
  • Skips registry login and runs a build-only Docker step when credentials are absent (e.g., fork PRs).
  • Keeps the existing build+push path (including caching and registry tags) when credentials are present.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

2 participants