sporq/zmk-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add guards for absent registry credentials

Browse Source 
The original design assumed that every user would configure login credentials with appropriate write permissions for the Docker Hub repository.  Consequently, forks or pull requests fail on the first step.

This change allows the build to complete without login credentials.  It skips pushing the cache or pushing the candidate image.

The release (docker tag) step still requires login credentials and fails if they are absent.  This guarantees that git tagging is only possible once all images have been pushed out to all container registries.

PR: #24
This commit is contained in:
innovaker 2021-05-11 22:03:46 +01:00
parent 560e9163d5
commit 7b71139613
1 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
.github/workflows/containers.yml vendored
View File

@ -22,13 +22,25 @@ jobs:
- dev
- build
steps:
- name: Check for GitHub Container Registry credentials (secrets)
id: ghcr-credentials
run: if [ ${{ secrets.GHCR_USERNAME == null || secrets.GHCR_TOKEN == null }} = true ]; then exit 1; fi
continue-on-error: true
- name: Login to GitHub Container Registry
id: ghcr-login
if: ${{ steps.ghcr-credentials.outcome == 'success' }}
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }}
password: ${{ secrets.GHCR_TOKEN }}
- name: Check for Docker Hub credentials (secrets)
id: docker-hub-credentials
run: if [ ${{ secrets.DOCKER_HUB_USERNAME == null || secrets.DOCKER_HUB_TOKEN == null }} = true ]; then exit 1; fi
continue-on-error: true
- name: Login to Docker Hub
id: docker-hub-login
if: ${{ steps.docker-hub-credentials.outcome == 'success' }}
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
@ -80,14 +92,22 @@ jobs:
tags: |
docker.io/${{ steps.vars.outputs.docker-hub-namespace }}/${{ steps.vars.outputs.candidate-tag }}
cache-from: type=registry,ref=docker.io/${{ steps.vars.outputs.docker-hub-namespace }}/${{ env.cache-repository-name }}:dev
cache-to: type=registry,ref=docker.io/${{ steps.vars.outputs.docker-hub-namespace }}/${{ env.cache-repository-name }}:${{ matrix.target }},mode=max
push: true
cache-to: ${{ (steps.docker-hub-login.outcome == 'success') && format('type=registry,ref=docker.io/{0}/{1}:{2},mode=max', steps.vars.outputs.docker-hub-namespace, env.cache-repository-name, matrix.target) || null }}
push: ${{ steps.docker-hub-login.outcome == 'success' }}
- name: Image digest
if: ${{ !startsWith(github.ref, 'refs/tags') }}
run: echo ${{ steps.build-push.outputs.digest }}
- name: Release (pull candidate, tag, push)
if: ${{ github.ref == steps.vars.outputs.tag-trigger-ref }}
run: |
if [ "${{ steps.docker-hub-login.outcome }}" != "success" ]; then
echo "Docker Hub must be authenticated to perform a release!"
exit 1
fi
if [ "${{ steps.ghcr-login.outcome }}" != "success" ]; then
echo "GitHub Container Registry must be authenticated to perform a release!"
exit 1
fi
docker pull docker.io/${{ steps.vars.outputs.docker-hub-namespace }}/${{ steps.vars.outputs.candidate-tag }}
docker tag docker.io/${{ steps.vars.outputs.docker-hub-namespace }}/${{ steps.vars.outputs.candidate-tag }} docker.io/${{ steps.vars.outputs.docker-hub-namespace }}/${{ steps.vars.outputs.versions-tag }}
docker tag docker.io/${{ steps.vars.outputs.docker-hub-namespace }}/${{ steps.vars.outputs.candidate-tag }} docker.io/${{ steps.vars.outputs.docker-hub-namespace }}/${{ steps.vars.outputs.latest-tag }}