Draft: Feat/backend go #55
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Push Container Images | |
| on: | |
| push: | |
| branches: | |
| - master | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| branches: | |
| - master | |
| permissions: | |
| contents: read | |
| packages: write | |
| jobs: | |
| # Job to check if PR is from a fork or unauthorized user | |
| check-pr: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| is_authorized: ${{ steps.check.outputs.is_authorized }} | |
| steps: | |
| - id: check | |
| run: | | |
| if [[ "${{ github.event_name }}" == "pull_request" ]]; then | |
| # Check if PR is from a fork | |
| if [[ "${{ github.event.pull_request.head.repo.full_name }}" != "${{ github.repository }}" ]]; then | |
| echo "is_authorized=false" >> $GITHUB_OUTPUT | |
| echo "PR is from a fork - will only build, not push" | |
| else | |
| # Check if user has write access | |
| if [[ "${{ github.event.pull_request.head.repo.permissions.push }}" == "true" ]]; then | |
| echo "is_authorized=true" >> $GITHUB_OUTPUT | |
| echo "PR is from an authorized contributor" | |
| else | |
| echo "is_authorized=false" >> $GITHUB_OUTPUT | |
| echo "PR is from unauthorized contributor" | |
| fi | |
| fi | |
| else | |
| echo "is_authorized=true" >> $GITHUB_OUTPUT | |
| echo "Not a PR - authorized" | |
| fi | |
| build-and-push: | |
| needs: check-pr | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| component: [backend, frontend] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 | |
| with: | |
| images: | | |
| ethpandaops/lab | |
| tags: | | |
| type=raw,value=${{ matrix.component }}-latest,enable=${{ github.ref == 'refs/heads/master' }} | |
| type=ref,event=branch,prefix=${{ matrix.component }}- | |
| type=semver,pattern=${{ matrix.component }}-{{version}} | |
| type=semver,pattern=${{ matrix.component }}-{{major}}.{{minor}} | |
| type=sha,prefix=${{ matrix.component }}-,format=short | |
| flavor: | | |
| latest=false | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 | |
| - name: Login to DockerHub | |
| # Only login if: | |
| # 1. Not a PR | |
| # 2. OR PR is from same repo by authorized user | |
| if: | | |
| github.event_name != 'pull_request' || | |
| (needs.check-pr.outputs.is_authorized == 'true' && github.event.pull_request.head.repo.full_name == github.repository) | |
| uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build and push | |
| uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 | |
| with: | |
| context: ./${{ matrix.component }} | |
| # Only push if: | |
| # 1. Not a PR | |
| # 2. OR PR is from same repo by authorized user | |
| push: | | |
| ${{ | |
| github.event_name != 'pull_request' || | |
| (needs.check-pr.outputs.is_authorized == 'true' && github.event.pull_request.head.repo.full_name == github.repository) | |
| }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max |