From 4bcd13c77d21863774a851bb07e7f298a72c4073 Mon Sep 17 00:00:00 2001 From: David Whittington Date: Fri, 25 Aug 2023 15:48:22 -0500 Subject: [PATCH] build: skip GitHub action steps the require write perms on external PRs ... so that checks can pass when people submit PRs to the repo. --- .github/workflows/build-core.yml | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-core.yml b/.github/workflows/build-core.yml index 5b3378f1..697c62ca 100644 --- a/.github/workflows/build-core.yml +++ b/.github/workflows/build-core.yml @@ -39,14 +39,14 @@ jobs: # Test results report - name: Report test results uses: dorny/test-reporter@v1 - if: success() || failure() + if: success() || failure() && github.event.pull_request.head.repo.full_name == github.repository with: name: Mocha tests path: test-results.json reporter: mocha-json - name: Report code coverage - if: ${{ github.event_name == 'pull_request' }} + if: github.event.pull_request.head.repo.full_name == github.repository uses: romeovs/lcov-reporter-action@v0.2.16 with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -54,13 +54,14 @@ jobs: - name: Check code coverage threshold uses: VeryGoodOpenSource/very_good_coverage@v2 + if: github.event.pull_request.head.repo.full_name == github.repository with: path: ./coverage/lcov.info min_coverage: 50 # Build and push container image to GCR (only on main branch) - name: Log in to the GitHub Container Registry - if: ${{ github.ref == 'refs/heads/main' }} + if: github.ref == 'refs/heads/main' uses: docker/login-action@v1 with: registry: ghcr.io @@ -68,7 +69,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push container image to GitHub Container Registry - if: ${{ github.ref == 'refs/heads/main' }} + if: github.ref == 'refs/heads/main' uses: docker/build-push-action@v3 with: push: true 
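Review bot: In the new `Report test results` condition `&&` binds tighter than `||`, so it evaluates as `success() || (failure() && <same-repo check>)` and the step still runs on a green build from a fork, where the commit message says the token lacks write permission. Parenthesise the status functions so the repository check applies to both outcomes. Because `github.event.pull_request` is empty on push events, the same-repo comparison is false there, so a failed push build would no longer get a report. A form that covers both cases is `if: (success() || failure()) && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)`.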
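Review bot: The `if:` added to `Check code coverage threshold` switches off the `min_coverage: 50` gate for fork PRs, which are the contributions that most need it. Because `github.event.pull_request` is empty outside pull-request events, the gate is also skipped on pushes. The step is configured here with only `path` and `min_coverage` and no token, so it probably does not need write permission; confirm that and drop the condition from this step if so. If the condition has to stay, add a comment above it such as `# skipped for forks and pushes: <reason>` so that the disabled gate is a recorded decision.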
@@ -78,17 +79,18 @@ jobs: # Build and push container image to ECR - name: Configure AWS credentials + if: github.event_name != 'pull_request' uses: aws-actions/configure-aws-credentials@v2 with: role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_BUILD_INVOCATION_ROLE }} aws-region: ${{ secrets.AWS_REGION }} - name: Login to ECR - if: ${{ github.ref == 'refs/heads/develop' }} + if: github.ref == 'refs/heads/develop' uses: aws-actions/amazon-ecr-login@v1 - name: Push image ECR - if: ${{ github.ref == 'refs/heads/develop' }} + if: github.ref == 'refs/heads/develop' uses: docker/build-push-action@v3 with: labels: | @@ -100,14 +102,14 @@ jobs: # Start CodePipeline to test image - name: Start CodePipeline - if: ${{ github.ref == 'refs/heads/develop' }} + if: github.ref == 'refs/heads/develop' run: | aws codepipeline start-pipeline-execution \ --name ${{ secrets.AWS_CODEPIPELINE_NAME }} # Success notification - name: Send Slack success notification - if: success() + if: success() && github.event_name != 'pull_request' env: SLACK_TITLE: Build succeeded! SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} @@ -115,7 +117,7 @@ jobs: # Failure notification - name: Send Slack failure notification - if: failure() + if: failure() && github.event_name != 'pull_request' env: SLACK_TITLE: Build failed! SLACK_COLOR: danger
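Review bot: `Configure AWS credentials` is now gated on `github.event_name != 'pull_request'`, so the role is still assumed on every non-PR run, while the steps that use it (`Login to ECR`, `Push image ECR`, `Start CodePipeline`) only run on `refs/heads/develop`. Matching their gate with `if: github.ref == 'refs/heads/develop'` keeps the credentials out of runs that never push and also excludes PR refs. The event-name test does not match `pull_request_target` either, and the workflow's `on:` block is outside this diff, so confirm that trigger is not in use. The same condition guards the two Slack webhook steps in the later hunks, so the point applies there too.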