Run docker on forked pull requests (#1450)

* build docker on pull request * run docker build on PRs * remove if * add permissions * change ghcr login * empty commit * always use opendevin as org * lowercase * no client token * dont push on forks * remove env * only cache-to if pushing * fix org name * fix owner * Update containers/build.sh Co-authored-by: Graham Neubig <neubig@gmail.com> * lowercase * remove tag prefix * lowercase --------- Co-authored-by: Graham Neubig <neubig@gmail.com>
2025-12-26 05:48:36 +08:00 · 2024-04-29 14:24:28 -04:00 · 2024-04-29 14:24:28 -04:00 · 11d48cc2f3
commit 11d48cc2f3
parent c821d0967c
2 changed files with 23 additions and 6 deletions
--- a/.github/workflows/ghcr.yml
+++ b/.github/workflows/ghcr.yml
@ -2,6 +2,9 @@ name: Publish Docker Image

 on:
  push:
+    branches:
+    - main
+  pull_request:
  workflow_dispatch:
    inputs:
      reason:
@ -12,7 +15,11 @@ on:
 jobs:
  ghcr_build_and_push:
    runs-on: ubuntu-latest
-    if: github.event_name == 'push' || github.event.inputs.reason != ''
+
+    permissions:
+      contents: read
+      packages: write
+
    strategy:
      matrix:
        image: ["app", "evaluation", "sandbox"]
@ -28,16 +35,25 @@ jobs:
        id: buildx
        uses: docker/setup-buildx-action@v3

-      - name: Log-in to ghcr.io
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+      - name: Login to ghcr
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Delete huge unnecessary tools folder
        run: rm -rf /opt/hostedtoolcache

      - name: Build and push ${{ matrix.image }}
+        if: github.event.pull_request.head.repo.full_name == github.repository
        run: |
-          ORG_NAME=$(echo "${{ github.repository }}" | tr '[A-Z]' '[a-z]' | cut -d '/' -f 1)
-          ./containers/build.sh ${{ matrix.image }} $ORG_NAME --push
+          ./containers/build.sh ${{ matrix.image }} ${{ github.repository_owner }} --push
+
+      - name: Build ${{ matrix.image }}
+        if: github.event.pull_request.head.repo.full_name != github.repository
+        run: |
+          ./containers/build.sh ${{ matrix.image }} ${{ github.repository_owner }}

  docker_build_success:
    name: Docker Build Success
--- a/containers/build.sh
+++ b/containers/build.sh
@ -44,6 +44,7 @@ if [[ -n "$org_name" ]]; then
  DOCKER_ORG="$org_name"
 fi
 DOCKER_REPOSITORY=$DOCKER_REGISTRY/$DOCKER_ORG/$DOCKER_IMAGE
+DOCKER_REPOSITORY=${DOCKER_REPOSITORY,,} # lowercase
 echo "Repo: $DOCKER_REPOSITORY"
 echo "Base dir: $DOCKER_BASE_DIR"

@ -53,12 +54,12 @@ for tag in ${tags[@]}; do
 done
 if [[ $push -eq 1 ]]; then
  args+=" --push"
+  args+=" --cache-to=type=registry,ref=$DOCKER_REPOSITORY:$cache_tag,mode=max"
 fi

 docker buildx build \
  $args \
  --build-arg OPEN_DEVIN_BUILD_VERSION=$OPEN_DEVIN_BUILD_VERSION \
-  --cache-to=type=registry,ref=$DOCKER_REPOSITORY:$cache_tag,mode=max \
  --cache-from=type=registry,ref=$DOCKER_REPOSITORY:$cache_tag \
  --cache-from=type=registry,ref=$DOCKER_REPOSITORY:$cache_tag_base-main \
  --platform linux/amd64,linux/arm64 \