ContainerSolutions / externalsecret-operator

An operator to fetch secrets from cloud services and inject them in Kubernetes
Apache License 2.0
189 stars 28 forks source link

Push image to registry only when building `master` #114

Closed dbirks closed 4 years ago

dbirks commented 4 years ago

I noticed the builds were failing recently. :x: :cry:
It looks like it's trying to always login to Docker Hub, even for PRs, which shouldn't need to push any image.

This PR adds a check to see if we're building off master, and if we're not, then it skips the docker login step and the push step.

Thanks for maintaining this!

codecov[bot] commented 4 years ago

Codecov Report

Merging #114 into master will not change coverage. The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #114   +/-   ##
=======================================
  Coverage   86.59%   86.59%           
=======================================
  Files           9        9           
  Lines         261      261           
=======================================
  Hits          226      226           
  Misses         26       26           
  Partials        9        9           

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 447aa21...f3e2c78. Read the comment docs.

knelasevero commented 4 years ago

Hey @dbirks, thanks a lot for the contribution! We actually want to keep pushing images internally, but stop doing that for forks. Do you think that you could change your check to actually test if it is a fork?

So, instead of checking if it is master, check if the repo full name is the one from the original org. Maybe something like if github.event.pull_request.head.repo.full_name == 'org/repo'.

dbirks commented 4 years ago

Ah, yes that sounds good. I was wondering how to prevent untrusted code from being built and pushed, but having the line drawn at forks would work very nicely, and allow you to have internal branches pushed. Making the change now...