Allow Docker CI to build fork PRs#197
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📜 Recent review details⏰ Context from checks skipped due to timeout. (2)
🧰 Additional context used🪛 zizmor (1.26.1).github/workflows/deploy.yml[warning] 77-77: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false (artipacked) 🔇 Additional comments (1)
📝 WalkthroughSummary by CodeRabbit
WalkthroughThe ChangesConditional Docker Registry Auth
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes Possibly related issues
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Pull request overview
This PR updates the CI GitHub Actions workflow to allow fork pull requests (which do not receive repository secrets) to still run a meaningful Docker build check, while preserving the existing login/cache/tag/push behavior for trusted runs where registry credentials are available.
Changes:
- Adds a
HAS_DOCKER_REGISTRY_CREDSjob env flag derived from registry secrets. - Skips registry login and runs a build-only Docker step when credentials are absent (e.g., fork PRs).
- Keeps the existing build+push path (including caching and registry tags) when credentials are present.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Summary
Testing
.github/workflows/deploy.ymlas YAML locallygit diff --checkdocker build -t matrix-line-ci-fork-pr .Notes
Fork PRs do not receive repository secrets, so the existing
build-dockerjob failed before building withUsername and password required. This keeps the Docker build check useful for forks while preserving image pushes for trusted runs with registry credentials.