Run docker on forked pull requests (#1450)

* build docker on pull request * run docker build on PRs * remove if * add permissions * change ghcr login * empty commit * always use opendevin as org * lowercase * no client token * dont push on forks * remove env * only cache-to if pushing * fix org name * fix owner * Update containers/build.sh Co-authored-by: Graham Neubig <neubig@gmail.com> * lowercase * remove tag prefix * lowercase --------- Co-authored-by: Graham Neubig <neubig@gmail.com>
2026-03-22 13:47:19 +08:00 · 2024-04-29 14:24:28 -04:00
parent c821d0967c
commit 11d48cc2f3
2 changed files with 23 additions and 6 deletions
--- a/.github/workflows/ghcr.yml
+++ b/.github/workflows/ghcr.yml
@@ -2,6 +2,9 @@ name: Publish Docker Image

 on:
  push:
+    branches:
+    - main
+  pull_request:
  workflow_dispatch:
    inputs:
      reason:
@@ -12,7 +15,11 @@ on:
 jobs:
  ghcr_build_and_push:
    runs-on: ubuntu-latest
-    if: github.event_name == 'push' || github.event.inputs.reason != ''
+
+    permissions:
+      contents: read
+      packages: write
+
    strategy:
      matrix:
        image: ["app", "evaluation", "sandbox"]
@@ -28,16 +35,25 @@ jobs:
        id: buildx
        uses: docker/setup-buildx-action@v3

-      - name: Log-in to ghcr.io
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+      - name: Login to ghcr
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Delete huge unnecessary tools folder
        run: rm -rf /opt/hostedtoolcache

      - name: Build and push ${{ matrix.image }}
+        if: github.event.pull_request.head.repo.full_name == github.repository
        run: |
-          ORG_NAME=$(echo "${{ github.repository }}" | tr '[A-Z]' '[a-z]' | cut -d '/' -f 1)
-          ./containers/build.sh ${{ matrix.image }} $ORG_NAME --push
+          ./containers/build.sh ${{ matrix.image }} ${{ github.repository_owner }} --push
+
+      - name: Build ${{ matrix.image }}
+        if: github.event.pull_request.head.repo.full_name != github.repository
+        run: |
+          ./containers/build.sh ${{ matrix.image }} ${{ github.repository_owner }}

  docker_build_success:
    name: Docker Build Success