47f8065d49
* Add action for artifacts creation at pull request * Run at PR comment /build and improve security
48 lines
1.3 KiB
YAML
48 lines
1.3 KiB
YAML
name: Generate artifacts on PR
|
|
#
|
|
# If you comment "/build" to the PR comment this action will run compilation on PR
|
|
# but only if you are a member of "Release manager" team. As additional security feature
|
|
#
|
|
|
|
on:
|
|
issue_comment:
|
|
types: [created]
|
|
workflow_dispatch:
|
|
|
|
concurrency:
|
|
group: pipeline-pr-${{github.event.pull_request.number}}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
|
|
Check:
|
|
permissions:
|
|
pull-requests: read
|
|
|
|
name: "Permission to run compilation"
|
|
if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/build')
|
|
runs-on: Linux
|
|
outputs:
|
|
member: ${{ steps.checkUserMember.outputs.isTeamMember }}
|
|
steps:
|
|
|
|
- uses: tspascoal/get-user-teams-membership@v2
|
|
id: checkUserMember
|
|
with:
|
|
username: ${{ github.actor }}
|
|
organization: armbian
|
|
team: "Release manager"
|
|
GITHUB_TOKEN: ${{ secrets.ORG_MEMBERS }}
|
|
|
|
Compile:
|
|
|
|
needs: Check
|
|
name: "Update artifacts"
|
|
if: ${{ github.repository_owner == 'Armbian' && needs.Check.outputs.member == 'true' }}
|
|
uses: armbian/os/.github/workflows/complete-artifact-matrix-all.yml@main
|
|
secrets:
|
|
ORG_MEMBERS: ${{ secrets.ORG_MEMBERS }}
|
|
with:
|
|
extraParamsAllBuilds: "UPLOAD_TO_OCI_ONLY=no"
|
|
ref: ${{ github.event.pull_request.head.sha }}
|