Skip to content

Update dev-image #1661

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Update dev-image #1661

wants to merge 5 commits into from
+158 −0

Conversation

@Lokowitz
Copy link
Contributor

Community Contribution License Agreement

By creating this pull request, I grant the project maintainers an unlimited,
perpetual license to use, modify, and redistribute these contributions under any terms they
choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
represent that I have the right to grant this license for all contributed content.

Description

Sorry for the delay on fixing this.

I have been trying to figure out why this is failing and I think it is because actions from PRs can't use secrets because they would be accessible and leaked.
I removed it for now but am open to adding it back if we figure the right way to push.

Yes on pull_request is just working when someone from the team ist creating the PR, otherwiese no secrets will be available.
On pull_request_target secrects are available. But this workflow will then run with code from the PR target (trusted code).
So we have to merge in the new code with checkout. To be save that no one creates a PR which is stealing the secrets i have added an environment build-dev. This will bring up an approval for running the workflow.

It is not super nice to have this approval step but otherwise it will be to risky.

Important

Be sure to first create the environment and select at least one reviewer before merging.

image

Fix #1625

@Lokowitz
Copy link
Contributor Author

But I am not sure if this is giving us the intended benefit. That would assume that you have to approve the workflow for each push...
So i will leave this workflow in my fork, to get an image for my very low vps.
Let me know if you want this with approval (as is in this pr), without approval (and maybe check if pr/push is from a team member, so that no failed workflow will be shown) or don't use this workflow.

Cheers Marvin

@Lokowitz
Merge remote-tracking branch 'upstream/main' into fix-dev-image
e94a666
@Lokowitz
Merge branch 'fosrl:main' into fix-dev-image
88b4321
@Lokowitz
Enhance Docker build workflow with tagging and jobs
3877089 
Added environment variables for Docker image tagging and created separate jobs for building images based on the pull request source.
@Lokowitz
Copy link
Contributor Author

@oschwartz10612 I updated the action to just trigger an approval when the PR is from a fork. So PRs from the same repo (including Dependabot) will trigger the image creation directly.

@Lokowitz Lokowitz marked this pull request as draft October 21, 2025 08:28
@Lokowitz Lokowitz marked this pull request as ready for review October 21, 2025 12:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Lokowitz