ci: allow conditional container push from labeled pull requests

MickaelCa · MickaelCa · commit e0ac1c9b55de · 2025-07-13T23:49:34.000+02:00
diff --git a/.github/workflows/docker_image.yml b/.github/workflows/docker_image.yml
@@ -16,6 +16,8 @@ concurrency:
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
+  # Set to 'true' to allow pushing container from pull requests with the label 'push-container'
+  PUSH_FROM_PR: ${{ github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'push-container') }}
 
 jobs:
   docker-build:
@@ -67,14 +69,14 @@ jobs:
         with:
           context: .
           platforms: linux/amd64, linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
+          push: ${{ github.event_name != 'pull_request' || env.PUSH_FROM_PR == 'true' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
       - name: Generate artifact attestation
-        if: github.event_name != 'pull_request'
+        if: github.event_name != 'pull_request' || env.PUSH_FROM_PR == 'true'
         uses: actions/attest-build-provenance@v2
         with:
           subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
