mirror of
https://github.com/redhat-actions/push-to-registry.git
synced 2025-02-22 10:11:21 +01:00
Remove pull_request_target from workflows that push images
Signed-off-by: Tim Etchells <tetchell@redhat.com>
This commit is contained in:
Tim Etchells
parent
f52484f302
commit
74b235b626
2 changed files with 20 additions and 18 deletions
21
.github/workflows/multiple-build.yaml
vendored
21
.github/workflows/multiple-build.yaml
vendored
|
|
@ -1,7 +1,6 @@
|
|||
name: Multiple container CLI build tests
|
||||
on:
|
||||
push:
|
||||
pull_request_target:
|
||||
workflow_dispatch:
|
||||
env:
|
||||
IMAGE_NAME: myimage
|
||||
|
|
@ -32,12 +31,12 @@ jobs:
|
|||
registry: ${{ env.IMAGE_REGISTRY }}/${{ secrets.REGISTRY_USER }}
|
||||
username: ${{ secrets.REGISTRY_USER }}
|
||||
password: ${{ secrets.REGISTRY_PASSWORD }}
|
||||
|
||||
|
||||
- name: Echo outputs
|
||||
run: |
|
||||
echo "Digest: ${{ steps.push.outputs.digest }}"
|
||||
echo "Registry Paths: ${{ steps.push.outputs.registry-paths }}"
|
||||
|
||||
|
||||
build-only-docker:
|
||||
name: Build and push image built only on Docker
|
||||
runs-on: ubuntu-20.04
|
||||
|
|
@ -61,12 +60,12 @@ jobs:
|
|||
registry: ${{ env.IMAGE_REGISTRY }}/${{ secrets.REGISTRY_USER }}
|
||||
username: ${{ secrets.REGISTRY_USER }}
|
||||
password: ${{ secrets.REGISTRY_PASSWORD }}
|
||||
|
||||
|
||||
- name: Echo outputs
|
||||
run: |
|
||||
echo "Digest: ${{ steps.push.outputs.digest }}"
|
||||
echo "Registry Paths: ${{ steps.push.outputs.registry-paths }}"
|
||||
|
||||
|
||||
build-podman-latest:
|
||||
name: Build and push image built latest on Podman
|
||||
runs-on: ubuntu-20.04
|
||||
|
|
@ -80,7 +79,7 @@ jobs:
|
|||
FROM busybox
|
||||
RUN echo "hello world"
|
||||
EOF
|
||||
|
||||
|
||||
- name: Build image using Podman
|
||||
run: |
|
||||
podman build -t ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} -<<EOF
|
||||
|
|
@ -88,7 +87,7 @@ jobs:
|
|||
RUN echo "hello world"
|
||||
EOF
|
||||
|
||||
- name: Push image to ${{ env.IMAGE_REGISTRY }}
|
||||
- name: Push image to ${{ env.IMAGE_REGISTRY }}
|
||||
id: push
|
||||
uses: ./
|
||||
with:
|
||||
|
|
@ -97,7 +96,7 @@ jobs:
|
|||
registry: ${{ env.IMAGE_REGISTRY }}/${{ secrets.REGISTRY_USER }}
|
||||
username: ${{ secrets.REGISTRY_USER }}
|
||||
password: ${{ secrets.REGISTRY_PASSWORD }}
|
||||
|
||||
|
||||
- name: Echo outputs
|
||||
run: |
|
||||
echo "Digest: ${{ steps.push.outputs.digest }}"
|
||||
|
|
@ -124,7 +123,7 @@ jobs:
|
|||
RUN echo "hello world"
|
||||
EOF
|
||||
|
||||
- name: Push image to ${{ env.IMAGE_REGISTRY }}
|
||||
- name: Push image to ${{ env.IMAGE_REGISTRY }}
|
||||
id: push
|
||||
uses: ./
|
||||
with:
|
||||
|
|
@ -133,8 +132,8 @@ jobs:
|
|||
registry: ${{ env.IMAGE_REGISTRY }}/${{ secrets.REGISTRY_USER }}
|
||||
username: ${{ secrets.REGISTRY_USER }}
|
||||
password: ${{ secrets.REGISTRY_PASSWORD }}
|
||||
|
||||
|
||||
- name: Echo outputs
|
||||
run: |
|
||||
echo "Digest: ${{ steps.push.outputs.digest }}"
|
||||
echo "Registry Paths: ${{ steps.push.outputs.registry-paths }}"
|
||||
echo "Registry Paths: ${{ steps.push.outputs.registry-paths }}"
|
||||
|
|
|
|||
17
.github/workflows/verify-push.yaml
vendored
17
.github/workflows/verify-push.yaml
vendored
|
|
@ -2,7 +2,10 @@
|
|||
# is some change in code done to ensure that the changes
|
||||
# are not buggy and we are getting the desired output.
|
||||
name: Test Build and Push
|
||||
on: [ push, workflow_dispatch, pull_request_target ]
|
||||
on:
|
||||
push:
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
PROJECT_DIR: spring-petclinic
|
||||
IMAGE_NAME: spring-petclinic
|
||||
|
|
@ -28,14 +31,14 @@ jobs:
|
|||
with:
|
||||
repository: "spring-projects/spring-petclinic"
|
||||
path: ${{ env.PROJECT_DIR }}
|
||||
|
||||
|
||||
# If none of these files has changed, we assume that the contents of
|
||||
# .m2/repository can be fetched from the cache.
|
||||
- name: Hash Maven files
|
||||
working-directory: ${{ env.PROJECT_DIR }}
|
||||
run: |
|
||||
echo "MVN_HASH=${{ hashFiles('**/pom.xml', '.mvn/**/*', 'mvnw*') }}" >> $GITHUB_ENV
|
||||
|
||||
|
||||
# Download the m2 repository from the cache to speed up the build.
|
||||
- name: Check for Maven cache
|
||||
id: check-mvn-cache
|
||||
|
|
@ -54,7 +57,7 @@ jobs:
|
|||
- name: Maven
|
||||
working-directory: ${{ env.PROJECT_DIR }}
|
||||
run: |
|
||||
mvn package -ntp -B
|
||||
mvn package -ntp -B
|
||||
|
||||
# If there was no cache hit above, store the output into the cache now.
|
||||
- name: Save Maven repo into cache
|
||||
|
|
@ -63,7 +66,7 @@ jobs:
|
|||
with:
|
||||
path: ${{ env.MVN_REPO_DIR }}
|
||||
key: ${{ env.MVN_HASH }}
|
||||
|
||||
|
||||
# Build image using Buildah action
|
||||
- name: Build Image
|
||||
id: build_image
|
||||
|
|
@ -81,7 +84,7 @@ jobs:
|
|||
spring-petclinic-*.jar
|
||||
port: 8080
|
||||
oci: 'true'
|
||||
|
||||
|
||||
# Push the image to Quay.io (Image Registry)
|
||||
- name: Push To Quay
|
||||
uses: ./push-to-registry/
|
||||
|
|
@ -94,7 +97,7 @@ jobs:
|
|||
password: ${{ secrets.REGISTRY_PASSWORD }}
|
||||
extra-args: |
|
||||
--disable-content-trust
|
||||
|
||||
|
||||
- name: Echo outputs
|
||||
run: |
|
||||
echo "Digest: ${{ steps.push.outputs.digest }}"
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue