RafikFarhad / push-to-gcr-github-action

An action that builds a docker image and pushes it to Google Cloud Registry and Google Artifact Registry.
MIT License

CI doesn't handle PRs from forks well #32

Closed jsoref closed 1 year ago

jsoref commented 2 years ago

When a PR is made from a fork, secrets will generally be empty (for security reasons).

As such, these will be empty:
https://github.com/RafikFarhad/push-to-gcr-github-action/blob/241707854fb71f655ec4e2a98bb16505f218bcc2/.github/workflows/build_and_push.yaml#L18
https://github.com/RafikFarhad/push-to-gcr-github-action/blob/241707854fb71f655ec4e2a98bb16505f218bcc2/.github/workflows/build_and_push.yaml#L37
https://github.com/RafikFarhad/push-to-gcr-github-action/blob/241707854fb71f655ec4e2a98bb16505f218bcc2/.github/workflows/build_and_push.yaml#L52

Collectively, those mean that: https://github.com/RafikFarhad/push-to-gcr-github-action/blob/241707854fb71f655ec4e2a98bb16505f218bcc2/entrypoint.sh#L16 will be empty.

Note that the condition in question works like this:

$ echo '' | python -m base64 -d |wc
       0       0       0
$ echo '' | python -m base64 -d ; echo $?
0

The code then flows here: https://github.com/RafikFarhad/push-to-gcr-github-action/blob/241707854fb71f655ec4e2a98bb16505f218bcc2/entrypoint.sh#L27

Where it fails.

Ideally the workflow would check to see if it has a secret and, if it doesn't, it should still build the image, but it could then not actually push it anywhere.

It's ok to trigger a notice or a sibling. And it'd be reasonable to generate an output to indicate if push(es) happened.
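The behaviour described in this issue, as an added example (not code from the action or from either commenter): a status-only base64 check beside one that tells a missing secret apart from a malformed one. Function names and the sample keys are hypothetical and constructed, and coreutils `base64 -d` stands in for the `python -m base64 -d` call shown above.

```shell
#!/bin/sh
# Added example; names are hypothetical, not taken from entrypoint.sh.

# Status-only check, the pattern the issue describes.
# An empty key decodes "successfully", so this accepts it.
naive_key_ok() {
    printf '%s' "$1" | base64 -d >/dev/null 2>&1
}

# classify_key KEY -> prints one of:
#   missing  no secret available (e.g. a PR from a fork)
#   invalid  non-empty but not decodable base64
#   ok       decodes cleanly to non-empty content
classify_key() {
    # Treat a secret made only of whitespace as empty too.
    trimmed=$(printf '%s' "$1" | tr -d ' \t\r\n')
    if [ -z "$trimmed" ]; then
        echo missing
        return 0
    fi
    # Require a clean exit AND non-empty decoded output.
    if decoded=$(printf '%s' "$trimmed" | base64 -d 2>/dev/null) \
        && [ -n "$decoded" ]; then
        echo ok
    else
        echo invalid
    fi
}

# decide_push KEY -> prints "push", "build-only" or "fail"
decide_push() {
    case $(classify_key "$1") in
        ok)      echo push ;;
        missing) echo build-only ;;  # build the image, skip login and push
        *)       echo fail ;;        # a secret was supplied but is broken
    esac
}

# Constructed sample inputs (the last is base64 of a dummy JSON stub,
# not a real credential).
for sample in '' 'not*base64' 'eyJ0eXBlIjoic2VydmljZV9hY2NvdW50In0='; do
    printf '%-40s -> %s\n' "[$sample]" "$(decide_push "$sample")"
done
```

A workflow step could write the `decide_push` result to an output so later steps can tell whether a push happened.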

RafikFarhad commented 1 year ago

The main goal of this action is to push the image, not build it. So if it can't push, it should bail out early. I am open to discussion to change the behavior. Let's hear from other folks.

RafikFarhad commented 1 year ago

Dropping this enhancement request as it does not provide an excellent outcome for most of the users. Maybe we can look at it later.