Workflow docker-build: Don't try to authenticate for PRs

* Secrets are not available anyway for forks.
Akkudoktor-EOS · Jan 13, 2025 · 25d5e01 · 25d5e01
1 parent 7609e7f
commit 25d5e01
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
@@ -89,19 +89,25 @@ jobs:
 
       - name: Login to Docker Hub
         uses: docker/login-action@v3
+        # skip for pull requests
+        if: ${{ github.event_name != 'pull_request' }}
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
       - name: Login to GHCR
         uses: docker/login-action@v3
+        # skip for pull requests
+        if: ${{ github.event_name != 'pull_request' }}
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
+        # skip for pull requests
+        if: ${{ github.event_name != 'pull_request' }}
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -114,21 +120,22 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           annotations: ${{ steps.meta.outputs.annotations }}
           outputs: type=image,"name=${{ env.DOCKERHUB_REPO }},${{ env.GHCR_REPO }}",push-by-digest=true,name-canonical=true,"push=${{ github.event_name != 'pull_request' }}","annotation-index.org.opencontainers.image.description=${{ env.EOS_REPO_DESCRIPTION }}"
-          #push: ${{ github.event_name != 'pull_request' }}
 
       - name: Generate artifact attestation DockerHub
         uses: actions/attest-build-provenance@v2
+        if: ${{ github.event_name != 'pull_request' }}
         with:
           subject-name: docker.io/${{ env.DOCKERHUB_REPO }}
           subject-digest: ${{ steps.build.outputs.digest }}
-          push-to-registry: ${{ github.event_name != 'pull_request' }}
+          push-to-registry: true
 
       - name: Generate artifact attestation GitHub
         uses: actions/attest-build-provenance@v2
+        if: ${{ github.event_name != 'pull_request' }}
         with:
           subject-name: ${{ env.GHCR_REPO }}
           subject-digest: ${{ steps.build.outputs.digest }}
-          push-to-registry: ${{ github.event_name != 'pull_request' }}
+          push-to-registry: true
 
       - name: Export digest
         run: |