Create separate build and publish workflows

- Prevent failing CI for PRs bacause of missing permission to push images. - Prevent image builds from users with sufficient permission to get published on PRs and branches other than master. Signed-off-by: Han Verstraete (OpenFaaS Ltd) <[email protected]>
openfaas · Jun 18, 2024 · f8ce446 · f8ce446
1 parent 07cc915
commit f8ce446
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 11 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -33,29 +33,23 @@ jobs:
  - name: Get Repo Owner
  id: get_repo_owner
  run: echo "REPO_OWNER=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" > $GITHUB_ENV
-
- - name: Docker Login
- run: > 
- echo ${{ secrets.GITHUB_TOKEN }} | 
- docker login ghcr.io --username 
- ${{ env.REPO_OWNER }} 
- --password-stdin
- - name: Publish multi-arch functions
+
+ - name: Build multi-arch functions
  run: >
  OWNER="${{ env.REPO_OWNER }}" 
  TAG="latest"
  SERVER="ghcr.io"
- faas-cli publish
+ faas-cli build
  --extra-tag ${{ github.sha }}
  --build-arg GO111MODULE=on
  --platforms linux/arm/v7,linux/arm64,linux/amd64
 
- - name: Publish amd64-only functions
+ - name: Build amd64-only functions
  run: >
  OWNER="${{ env.REPO_OWNER }}" 
  TAG="latest"
  SERVER="ghcr.io"
- faas-cli publish
+ faas-cli build
  --extra-tag ${{ github.sha }}
  --platforms linux/amd64
  -f stack-amd64.yml

diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -0,0 +1,58 @@
+name: publish
+
+on:
+ push:
+ branches:
+ - 'master'
+
+jobs:
+ build:
+ concurrency: 
+ group: ${{ github.ref }}
+ cancel-in-progress: true
+
+ permissions:
+ packages: write
+ checks: write
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@master
+ with:
+ fetch-depth: 1
+ - name: Get faas-cli
+ run: curl -sLSf https://cli.openfaas.com | sudo sh
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Get Repo Owner
+ id: get_repo_owner
+ run: echo "REPO_OWNER=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" > $GITHUB_ENV
+
+ - name: Docker Login
+ run: > 
+ echo ${{ secrets.GITHUB_TOKEN }} | 
+ docker login ghcr.io --username 
+ ${{ env.REPO_OWNER }} 
+ --password-stdin
+ - name: Publish multi-arch functions
+ run: >
+ OWNER="${{ env.REPO_OWNER }}" 
+ TAG="latest"
+ SERVER="ghcr.io"
+ faas-cli publish
+ --extra-tag ${{ github.sha }}
+ --build-arg GO111MODULE=on
+ --platforms linux/arm/v7,linux/arm64,linux/amd64
+
+ - name: Publish amd64-only functions
+ run: >
+ OWNER="${{ env.REPO_OWNER }}" 
+ TAG="latest"
+ SERVER="ghcr.io"
+ faas-cli publish
+ --extra-tag ${{ github.sha }}
+ --platforms linux/amd64
+ -f stack-amd64.yml