Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: don't create docker images for users without org's secrets #2585

Merged
merged 10 commits into from
Apr 17, 2024

Conversation

gabrielmer
Copy link
Contributor

@gabrielmer gabrielmer commented Apr 12, 2024

Allowing users outside of the org to pass the CI by omitting the workflow of creating and publishing a docker image of the PR.

Were not able to find a cleaner approach. Apparently it's not possible to run a job only if an env variable exists.

Also tried to create a job that checks if the secret exists and run the build-docker-image only if the previous job succeeded, but either the CI failed or it did not skip the subsequent job.

WDYT? Any better ideas?

Changes

  • updating container-image workflow with secret existence checks

Issue

closes #2497

Copy link

github-actions bot commented Apr 12, 2024

You can find the image built from this PR at

quay.io/wakuorg/nwaku-pr:2585-rln-v2-true

Built from b151b61

@gabrielmer gabrielmer self-assigned this Apr 12, 2024
@gabrielmer gabrielmer marked this pull request as ready for review April 12, 2024 13:20
Copy link
Contributor

@NagyZoltanPeter NagyZoltanPeter left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not pretty sure if it is possible to use the local docker repo instead of publishing to quay in case creds are missing....?

Copy link
Collaborator

@Ivansete-status Ivansete-status left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this! Just added a question :)

- name: Checkout code
if: ${{ steps.secrets.outcome == 'success' }}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aren't we just willing to skip the image deployment part if the user doesn't have access to secrets?

In other words, are we willing to skip the following snippet?

          docker login -u ${QUAY_USER} -p ${QUAY_PASSWORD} quay.io
          docker build -t ${IMAGE} -f docker/binaries/Dockerfile.bn.amd64 --label quay.expires-after=30d .
          docker push ${IMAGE}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes! So that was my initial approach. But then I noticed that the whole workflow doesn't make sense if the image is not being published. We already have separate workflows for builds, so there's no value in running another build, creating a docker-image and deleting it.

We could only skip the image deployment and the subsequent step which is writing in the PR the info of the image deployed, but in that case I don't think none of the previous add any value.

@gabrielmer gabrielmer merged commit 51ec12b into master Apr 17, 2024
13 of 15 checks passed
@gabrielmer gabrielmer deleted the chore-allowing-external-contributors-to-pass-CI branch April 17, 2024 06:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

chore: allow external contributors PRs to pass CI
3 participants