💚 Fixed CI fail on PR from fork

Fixed CI failing when a PR is made from a fork due to user from fork not having the permission packages: write. CI will now check if it has write perms before push built docker image.
2025-11-05 04:55:58 +01:00 · 2022-05-15 23:29:01 -04:00
parent 9bf8b337f6
commit fe5fa99b4a
1 changed files with 21 additions and 6 deletions
--- a/.github/workflows/docker_dev.yml
+++ b/.github/workflows/docker_dev.yml
@@ -32,10 +32,6 @@ env:
  REGISTRY: ghcr.io
  # github.repository as <account>/<repo>
  IMAGE_NAME: ${{ github.repository }}
-  # temp
-  e1: ${{ github.event_name }}
-  e2: ${{ github.base_ref }}-${{github.head_ref }}
-  e3: " ${{github}} "

 jobs:
  # Push image to GitHub Packages.
@@ -43,13 +39,17 @@ jobs:
  yarn_install_and_build:
    runs-on: ubuntu-latest
    steps:
+
      - name: Setup
        uses: actions/setup-node@v3
+
      - name: Checkout
        uses: actions/checkout@v3
+
      - name: Get yarn cache directory path
        id: yarn-cache-dir-path
        run: echo "::set-output name=dir::$(yarn cache dir)"
+
      - name: Yarn cache
        uses: actions/cache@v3
        id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
@@ -57,6 +57,7 @@ jobs:
          path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
          restore-keys: ${{ runner.os }}-yarn-
+
      - name: Nextjs cache
        uses: actions/cache@v2
        with:
@@ -68,8 +69,10 @@ jobs:
          key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }}
          # If source files changed but packages didn't, rebuild from a prior cache.
          restore-keys: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-
+
      - run: yarn install --frozen-lockfile
      - run: yarn build
+
      - name: Cache build output
        uses: actions/cache@v2
        id: restore-build
@@ -90,8 +93,10 @@ jobs:
      packages: write
      contents: read
    steps:
+
      - name: Checkout
        uses: actions/checkout@v2
+
      - uses: actions/cache@v2
        id: restore-build
        with:
@@ -103,6 +108,7 @@ jobs:
             ./.next/standalone/
             ./packages.json
          key: ${{ github.sha }}
+
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v4
@@ -113,12 +119,21 @@ jobs:
          tags: |
            type=ref,event=pr
            tpye=raw,value=dev,priority=1
+
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
+
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
+
+      - name: Check perms
+        uses: actions-cool/check-user-permission@main
+        id: checkUser
+        with:
+          require: 'write'
+
      - name: Login to GHCR
-        if: github.base_ref == github.head_ref
+        if: steps.checkUser.outputs.require-result == 'true'
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
@@ -130,6 +145,6 @@ jobs:
        with:
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          context: .
-          push: ${{  github.base_ref == github.head_ref && github.event_name != 'pull_request'}}
+          push: ${{ steps.checkUser.outputs.require-result == 'true' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}