Remove pull_request_target from workflows that push images

Signed-off-by: Tim Etchells <tetchell@redhat.com>
Tim Etchells 2021-02-20 13:37:54 -05:00
parent f52484f302
commit 74b235b626
2 changed files with 20 additions and 18 deletions


@ -1,7 +1,6 @@
name: Multiple container CLI build tests name: Multiple container CLI build tests
on: on:
push: push:
pull_request_target:
workflow_dispatch: workflow_dispatch:
env: env:
IMAGE_NAME: myimage IMAGE_NAME: myimage
@ -32,12 +31,12 @@ jobs:
registry: ${{ env.IMAGE_REGISTRY }}/${{ secrets.REGISTRY_USER }} registry: ${{ env.IMAGE_REGISTRY }}/${{ secrets.REGISTRY_USER }}
username: ${{ secrets.REGISTRY_USER }} username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }} password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Echo outputs - name: Echo outputs
run: | run: |
echo "Digest: ${{ steps.push.outputs.digest }}" echo "Digest: ${{ steps.push.outputs.digest }}"
echo "Registry Paths: ${{ steps.push.outputs.registry-paths }}" echo "Registry Paths: ${{ steps.push.outputs.registry-paths }}"
build-only-docker: build-only-docker:
name: Build and push image built only on Docker name: Build and push image built only on Docker
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
@ -61,12 +60,12 @@ jobs:
registry: ${{ env.IMAGE_REGISTRY }}/${{ secrets.REGISTRY_USER }} registry: ${{ env.IMAGE_REGISTRY }}/${{ secrets.REGISTRY_USER }}
username: ${{ secrets.REGISTRY_USER }} username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }} password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Echo outputs - name: Echo outputs
run: | run: |
echo "Digest: ${{ steps.push.outputs.digest }}" echo "Digest: ${{ steps.push.outputs.digest }}"
echo "Registry Paths: ${{ steps.push.outputs.registry-paths }}" echo "Registry Paths: ${{ steps.push.outputs.registry-paths }}"
build-podman-latest: build-podman-latest:
name: Build and push image built latest on Podman name: Build and push image built latest on Podman
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
@ -80,7 +79,7 @@ jobs:
FROM busybox FROM busybox
RUN echo "hello world" RUN echo "hello world"
EOF EOF
- name: Build image using Podman - name: Build image using Podman
run: | run: |
podman build -t ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} -<<EOF podman build -t ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} -<<EOF
@ -88,7 +87,7 @@ jobs:
RUN echo "hello world" RUN echo "hello world"
EOF EOF
- name: Push image to ${{ env.IMAGE_REGISTRY }} - name: Push image to ${{ env.IMAGE_REGISTRY }}
id: push id: push
uses: ./ uses: ./
with: with:
@ -97,7 +96,7 @@ jobs:
registry: ${{ env.IMAGE_REGISTRY }}/${{ secrets.REGISTRY_USER }} registry: ${{ env.IMAGE_REGISTRY }}/${{ secrets.REGISTRY_USER }}
username: ${{ secrets.REGISTRY_USER }} username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }} password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Echo outputs - name: Echo outputs
run: | run: |
echo "Digest: ${{ steps.push.outputs.digest }}" echo "Digest: ${{ steps.push.outputs.digest }}"
@ -124,7 +123,7 @@ jobs:
RUN echo "hello world" RUN echo "hello world"
EOF EOF
- name: Push image to ${{ env.IMAGE_REGISTRY }} - name: Push image to ${{ env.IMAGE_REGISTRY }}
id: push id: push
uses: ./ uses: ./
with: with:
@ -133,8 +132,8 @@ jobs:
registry: ${{ env.IMAGE_REGISTRY }}/${{ secrets.REGISTRY_USER }} registry: ${{ env.IMAGE_REGISTRY }}/${{ secrets.REGISTRY_USER }}
username: ${{ secrets.REGISTRY_USER }} username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }} password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Echo outputs - name: Echo outputs
run: | run: |
echo "Digest: ${{ steps.push.outputs.digest }}" echo "Digest: ${{ steps.push.outputs.digest }}"
echo "Registry Paths: ${{ steps.push.outputs.registry-paths }}" echo "Registry Paths: ${{ steps.push.outputs.registry-paths }}"
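Review bot: Nothing next to the `on:` block records why `pull_request_target` was dropped, so a later edit could restore it without noticing that the jobs shown here pass `secrets.REGISTRY_PASSWORD` to the action loaded with `uses: ./`. A comment above `push:` would keep the reason with the trigger, for example `# pull_request_target is deliberately absent: these jobs push with registry secrets`. With only `push` and `workflow_dispatch` left, pull requests from forks presumably get no run of these tests at all; if that coverage matters, a plain `pull_request:` trigger with the push steps guarded by `if: github.event_name != 'pull_request'` would build without needing the credentials. The `on:` block of the second workflow in this commit has the same gap.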


@ -2,7 +2,10 @@
# is some change in code done to ensure that the changes # is some change in code done to ensure that the changes
# are not buggy and we are getting the desired output. # are not buggy and we are getting the desired output.
name: Test Build and Push name: Test Build and Push
on: [ push, workflow_dispatch, pull_request_target ] on:
push:
workflow_dispatch:
env: env:
PROJECT_DIR: spring-petclinic PROJECT_DIR: spring-petclinic
IMAGE_NAME: spring-petclinic IMAGE_NAME: spring-petclinic
@ -28,14 +31,14 @@ jobs:
with: with:
repository: "spring-projects/spring-petclinic" repository: "spring-projects/spring-petclinic"
path: ${{ env.PROJECT_DIR }} path: ${{ env.PROJECT_DIR }}
# If none of these files has changed, we assume that the contents of # If none of these files has changed, we assume that the contents of
# .m2/repository can be fetched from the cache. # .m2/repository can be fetched from the cache.
- name: Hash Maven files - name: Hash Maven files
working-directory: ${{ env.PROJECT_DIR }} working-directory: ${{ env.PROJECT_DIR }}
run: | run: |
echo "MVN_HASH=${{ hashFiles('**/pom.xml', '.mvn/**/*', 'mvnw*') }}" >> $GITHUB_ENV echo "MVN_HASH=${{ hashFiles('**/pom.xml', '.mvn/**/*', 'mvnw*') }}" >> $GITHUB_ENV
# Download the m2 repository from the cache to speed up the build. # Download the m2 repository from the cache to speed up the build.
- name: Check for Maven cache - name: Check for Maven cache
id: check-mvn-cache id: check-mvn-cache
@ -54,7 +57,7 @@ jobs:
- name: Maven - name: Maven
working-directory: ${{ env.PROJECT_DIR }} working-directory: ${{ env.PROJECT_DIR }}
run: | run: |
mvn package -ntp -B mvn package -ntp -B
# If there was no cache hit above, store the output into the cache now. # If there was no cache hit above, store the output into the cache now.
- name: Save Maven repo into cache - name: Save Maven repo into cache
@ -63,7 +66,7 @@ jobs:
with: with:
path: ${{ env.MVN_REPO_DIR }} path: ${{ env.MVN_REPO_DIR }}
key: ${{ env.MVN_HASH }} key: ${{ env.MVN_HASH }}
# Build image using Buildah action # Build image using Buildah action
- name: Build Image - name: Build Image
id: build_image id: build_image
@ -81,7 +84,7 @@ jobs:
spring-petclinic-*.jar spring-petclinic-*.jar
port: 8080 port: 8080
oci: 'true' oci: 'true'
# Push the image to Quay.io (Image Registry) # Push the image to Quay.io (Image Registry)
- name: Push To Quay - name: Push To Quay
uses: ./push-to-registry/ uses: ./push-to-registry/
@ -94,7 +97,7 @@ jobs:
password: ${{ secrets.REGISTRY_PASSWORD }} password: ${{ secrets.REGISTRY_PASSWORD }}
extra-args: | extra-args: |
--disable-content-trust --disable-content-trust
- name: Echo outputs - name: Echo outputs
run: | run: |
echo "Digest: ${{ steps.push.outputs.digest }}" echo "Digest: ${{ steps.push.outputs.digest }}"
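Review bot: The checkout of `spring-projects/spring-petclinic` in the hunk starting at new line 31 sets only `repository` and `path`, so the job builds whatever the upstream default branch holds at run time, and `mvn package` then runs that build in the same job that later hands `secrets.REGISTRY_PASSWORD` to `./push-to-registry/`. Removing `pull_request_target` narrows who can trigger the run, but not what code the run executes before the credentialed step. Adding `ref: <pinned-commit-sha>` under that `with:` would make the built source reviewable and reproducible. The step's `uses:` line is above the hunk, so this assumes it is the standard checkout action.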