diff --git a/.github/workflows/backend-docker.yml b/.github/workflows/backend-docker.yml
index 2d24c5c8c..d3e06611a 100644
--- a/.github/workflows/backend-docker.yml
+++ b/.github/workflows/backend-docker.yml
@@ -7,11 +7,17 @@ name: Backend / Docker
 on:
 push:
 branches: [ develop ]
+ pull_request_target:
+ branches: [ develop ]
 pull_request:
 branches: [ develop ]
+permissions:
+ contents: read
+ packages: write
+
 concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}-${{ github.job }}
+ group: ${{ github.workflow }}-${{ !!github.event.pull_request && github.event.pull_request.head.label || github.ref }}-${{ github.event_name }}-${{ github.job }}
 cancel-in-progress: true
 jobs:
@@ -38,6 +44,7 @@ jobs:
 - '.yarn/**'
 build-dev:
+ if: "(github.event_name == 'pull_request_target') == github.event.pull_request.head.repo.fork"
 needs: changes
 runs-on: ubuntu-latest
 steps:
@@ -70,7 +77,7 @@ jobs:
 sqlite-test:
 runs-on: ubuntu-latest
- if: needs.changes.outputs.changed == 'true'
+ if: needs.changes.outputs.changed == 'true' && (github.event_name == 'pull_request_target') == github.event.pull_request.head.repo.fork
 needs: [ build-dev, changes ]
 container:
 image: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}-ci:${{ github.sha }}
@@ -79,7 +86,7 @@ jobs:
 sqlite-e2e:
 runs-on: ubuntu-latest
- if: needs.changes.outputs.changed == 'true'
+ if: needs.changes.outputs.changed == 'true' && (github.event_name == 'pull_request_target') == github.event.pull_request.head.repo.fork
 needs: [ build-dev, changes ]
 container:
 image: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}-ci:${{ github.sha }}
@@ -88,6 +95,7 @@ jobs:
 build-prod:
 runs-on: ubuntu-latest
+ if: (github.event_name == 'pull_request_target') == github.event.pull_request.head.repo.fork
 needs: [ sqlite-test, sqlite-e2e, changes ]
 steps:
 - uses: actions/checkout@v3
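Review bot: The new top-level `permissions` block in the first hunk gives `packages: write` to every job in the workflow, including sqlite-test and sqlite-e2e, which only pull the CI image and appear to run the pull request's tests. Under the added `pull_request_target` trigger the token carries these scopes for fork PRs too, so the write scope should be limited to the jobs that actually push. Consider leaving only `contents: read` at workflow level, adding `permissions: { contents: read, packages: write }` on the build jobs, and `packages: read` on the jobs that use the image as their container.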
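Review bot: The `if` added to build-dev makes the job run for fork pull requests under `pull_request_target`, where it holds the base repository's token rather than a read-only fork token; the job's steps lie outside the hunk, so the ref they check out is not visible here. If checkout is pointed at the PR head, the fork's Dockerfile and install scripts execute with `packages: write`; if it is left at the default, the job builds `develop` instead of the proposed change. The intended ref should be set explicitly, checkout should use `persist-credentials: false`, and the fork path is worth gating behind an environment with required reviewers so a maintainer approves each run.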
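Review bot: In sqlite-test the container image is still tagged `-ci:${{ github.sha }}`, and on `pull_request_target` `github.sha` is the tip of the base branch, not the PR commit. Assuming build-dev pushes under the same tag (its steps are outside the hunk), every fork PR against the same `develop` commit, and the push build of that commit, would share one tag, so one run can replace the image another run is about to execute. A tag unique to the PR avoids this, for example `-ci:${{ github.event.pull_request.head.sha || github.sha }}`, applied to the build-dev push as well. The sqlite-e2e hunk has the same `image:` line and needs the same change.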
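Review bot: The condition added to build-prod is the fourth copy of `(github.event_name == 'pull_request_target') == github.event.pull_request.head.repo.fork`, and nothing in the file says what it is for. On `push` events the right-hand side is null, so the job runs only because the expression language coerces `false == null` to true, which is easy to break in a later edit. A comment above each use would help, such as `# fork PRs run via pull_request_target; same-repo PRs and pushes run via their own event`. The expression is quoted in build-dev and unquoted in the other three jobs; one form should be used throughout.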
@@ -114,7 +122,7 @@ jobs:
 if: needs.changes.outputs.changed == 'true'
 - name: Login to GHCR
- if: github.event_name != 'pull_request' && needs.changes.outputs.changed == 'true'
+ if: github.event_name == 'push' && needs.changes.outputs.changed == 'true'
 uses: docker/login-action@v2
 with:
 registry: ghcr.io
@@ -125,7 +133,7 @@ jobs:
 if: needs.changes.outputs.changed == 'true'
 uses: docker/build-push-action@v3
 with:
- push: ${{ github.event_name != 'pull_request' }}
+ push: ${{ github.event_name == 'push' }}
 file: backend/docker/Dockerfile
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}