Using global check push right

eclipse-kuksa · Oct 4, 2023 · cc64bd1 · cc64bd1
1 parent b53717c
commit cc64bd1
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 131 deletions.
diff --git a/.github/workflows/check_push_rights.yml b/.github/workflows/check_push_rights.yml
diff --git a/.github/workflows/kuksa_csv_provider.yml b/.github/workflows/kuksa_csv_provider.yml
@@ -19,7 +19,6 @@ on:
   pull_request:
     paths:
       - ".github/workflows/kuksa_csv_provider.yml"
-      - ".github/workflows/check_push_rights.yml"
       - ".github/actions/post-container-location/action.yml"
       - "csv_provider/**"
   workflow_dispatch:
@@ -29,8 +28,8 @@ concurrency:
       cancel-in-progress: true
 
 jobs:
-  checkrights:
-    uses: ./.github/workflows/check_push_rights.yml
+  check_ghcr_push:
+    uses: erikbosch/kuksa-actions/.github/workflows/check_ghcr_push.yml@main
     secrets: inherit
 
   run-csv-provider-tests:
@@ -54,7 +53,7 @@ jobs:
   build-csv-provider-image:
     name: "Build csv provider image"
     runs-on: self-hosted
-    needs: checkrights
+    needs: check_ghcr_push
 
     steps:
     - name: Checkout Repository
@@ -83,7 +82,7 @@ jobs:
     #  uses: docker/setup-buildx-action@v2
 
     - name: Log in to the Container registry
-      if: needs.checkrights.outputs.have_secrets == 'true'
+      if: needs.check_ghcr_push.outputs.push == 'true'
       uses: docker/login-action@v2
       with:
           registry: ghcr.io
@@ -92,7 +91,7 @@ jobs:
 
     - name: Build CSV provider container and push to ghcr.io (and ttl.sh)
       id: ghcr-build
-      if: ${{ needs.checkrights.outputs.have_secrets == 'true' && github.event_name != 'pull_request' }}
+      if: needs.check_ghcr_push.outputs.push == 'true'
       uses: docker/build-push-action@v3
       with:
         platforms: |
@@ -107,7 +106,7 @@ jobs:
         labels: ${{ steps.meta.outputs.labels }}
 
     - name: Build ephemeral CSV provider container and push to ttl.sh
-      if: ${{ needs.checkrights.outputs.have_secrets == 'false' || github.event_name == 'pull_request' }}
+      if: needs.check_ghcr_push.outputs.push == 'false'
       id: tmp-build
       uses: docker/build-push-action@v3
       with:

diff --git a/.github/workflows/kuksa_dbc_feeder.yml b/.github/workflows/kuksa_dbc_feeder.yml
@@ -19,7 +19,6 @@ on:
   pull_request:
     paths:
       - ".github/workflows/kuksa_dbc_feeder.yml"
-      - ".github/workflows/check_push_rights.yml"
       - ".github/actions/post-container-location/action.yml"
       - "dbc2val/**"
   workflow_dispatch:
@@ -29,14 +28,14 @@ concurrency:
       cancel-in-progress: true
 
 jobs:
-  checkrights:
-    uses: ./.github/workflows/check_push_rights.yml
+  check_ghcr_push:
+    uses: erikbosch/kuksa-actions/.github/workflows/check_ghcr_push.yml@main
     secrets: inherit
 
   build-can-feeder-image:
     name: "Build dbc provider image"
     runs-on: self-hosted
-    needs: checkrights
+    needs: check_ghcr_push
 
     steps:
     - name: Checkout Repository
@@ -65,7 +64,7 @@ jobs:
     #  uses: docker/setup-buildx-action@v2
 
     - name: Log in to the Container registry
-      if: needs.checkrights.outputs.have_secrets == 'true'
+      if: needs.check_ghcr_push.outputs.push == 'true'
       uses: docker/login-action@v2
       with:
           registry: ghcr.io
@@ -74,7 +73,7 @@ jobs:
 
     - name: Build DBC provider container container and push to ghcr.io (and ttl.sh)
       id: ghcr-build
-      if: ${{ needs.checkrights.outputs.have_secrets == 'true' && github.event_name != 'pull_request' }}
+      if: needs.check_ghcr_push.outputs.push == 'true'
       uses: docker/build-push-action@v4
       with:
         platforms: |
@@ -89,7 +88,7 @@ jobs:
         labels: ${{ steps.meta.outputs.labels }}
 
     - name: Build ephemeral DBC provider container and push to ttl.sh
-      if: ${{ needs.checkrights.outputs.have_secrets == 'false' || github.event_name == 'pull_request' }}
+      if: needs.check_ghcr_push.outputs.push == 'false'
       id: tmp-build
       uses: docker/build-push-action@v4
       with:

diff --git a/.github/workflows/kuksa_gps_feeder.yml b/.github/workflows/kuksa_gps_feeder.yml
@@ -6,7 +6,6 @@ on:
   pull_request:
     paths:
      - ".github/workflows/kuksa_gps_feeder.yml"
-     - ".github/workflows/check_push_rights.yml"
      - ".github/actions/post-container-location/action.yml"
      - "gps2val/**"
   workflow_dispatch:
@@ -20,14 +19,14 @@ env:
 
 jobs:
 
-  checkrights:
-    uses: ./.github/workflows/check_push_rights.yml
+  check_ghcr_push:
+    uses: erikbosch/kuksa-actions/.github/workflows/check_ghcr_push.yml@main
     secrets: inherit
 
   build-self-hosted:
     if: ${{ github.repository_owner == 'eclipse' }}
     runs-on: [ self-hosted ]
-    needs: checkrights
+    needs: check_ghcr_push
 
     # With default permissions, release action fails on forks
     permissions:
@@ -51,13 +50,8 @@ jobs:
           type=semver,pattern={{major}}.{{minor}}
           type=semver,pattern={{major}}
 
-    - name: Check Rights
-      run: |
-        echo "### [self-hosted] event:[${{ github.event_name }}], have_secrets: ${{ needs.checkrights.outputs.have_secrets }}"
-      shell: bash
-
     - name: Log in to the Container registry
-      if: needs.checkrights.outputs.have_secrets == 'true'
+      if: needs.check_ghcr_push.outputs.push == 'true'
       uses: docker/login-action@v2
       with:
         registry: ghcr.io
@@ -66,7 +60,7 @@ jobs:
 
 
     - name: Build and push KUKSA gps feeder container image and push to ghcr.io
-      if: ${{ needs.checkrights.outputs.have_secrets == 'true' && github.event_name != 'pull_request' }}
+      if: needs.check_ghcr_push.outputs.push == 'true'
       uses: docker/build-push-action@v4
       with:
         platforms: |
@@ -79,7 +73,7 @@ jobs:
         labels: ${{ steps.meta.outputs.labels }}
 
     - name: Posting ghcr.io Summary
-      if: ${{ needs.checkrights.outputs.have_secrets == 'true' && github.event_name != 'pull_request' }}
+      if: needs.check_ghcr_push.outputs.push == 'false'
       uses: ./.github/actions/post-container-location
       with:
         image: ${{ steps.meta.outputs.tags }}
@@ -89,7 +83,7 @@ jobs:
     # NOTE: linux/arm64 platform removed as we are getting Error 413 from ttl.sh due to image size.
     # Only merging to main / release should build multiarch image and push to ghcr.io
     - name: Build ephemeral KUKSA gps feeder and push to ttl.sh
-      if:  ${{ needs.checkrights.outputs.have_secrets == 'false' || github.event_name == 'pull_request' }}
+      if: needs.check_ghcr_push.outputs.push == 'false'
       uses: docker/build-push-action@v4
       with:
         platforms: |
@@ -100,7 +94,7 @@ jobs:
         labels: ${{ steps.meta.outputs.labels }}
 
     - name: Posting ttl.sh Summary
-      if:  ${{ needs.checkrights.outputs.have_secrets == 'false' || github.event_name == 'pull_request' }}
+      if: needs.check_ghcr_push.outputs.push == 'false'
       uses: ./.github/actions/post-container-location
       with:
         image: ${{ env.EPHEMERAL_IMAGE }}
@@ -112,7 +106,7 @@ jobs:
     # we don't have self hosted runners on forked repos, to optimize builds just amd64 image will be built
     if: ${{ github.repository_owner != 'eclipse' }}
     runs-on: ubuntu-latest
-    needs: checkrights
+    needs: check_ghcr_push
 
     # With default permissions, release action fails on forks
     permissions:
@@ -144,13 +138,8 @@ jobs:
           type=semver,pattern={{major}}.{{minor}}
           type=semver,pattern={{major}}
 
-    - name: Check Rights
-      run: |
-        echo "### event:[${{ github.event_name }}], have_secrets: ${{ needs.checkrights.outputs.have_secrets }}"
-      shell: bash
-
     - name: Log in to the Container registry
-      if: needs.checkrights.outputs.have_secrets == 'true'
+      if: needs.check_ghcr_push.outputs.push == 'true'
       uses: docker/login-action@v2
       with:
         registry: ghcr.io
@@ -159,7 +148,7 @@ jobs:
 
 
     - name: Build and push KUKSA gps feeder container image and push to ghcr.io
-      if: ${{ needs.checkrights.outputs.have_secrets == 'true' && github.event_name != 'pull_request' }}
+      if: needs.check_ghcr_push.outputs.push == 'true'
       uses: docker/build-push-action@v4
       with:
         platforms: |
@@ -171,7 +160,7 @@ jobs:
         labels: ${{ steps.meta.outputs.labels }}
 
     - name: Posting ghcr.io Summary
-      if: ${{ needs.checkrights.outputs.have_secrets == 'true' && github.event_name != 'pull_request' }}
+      if: needs.check_ghcr_push.outputs.push == 'true'
       uses: ./.github/actions/post-container-location
       with:
         image: ${{ steps.meta.outputs.tags }}
@@ -180,7 +169,7 @@ jobs:
 
 
     - name: Build ephemeral KUKSA gps feeder and push to ttl.sh
-      if:  ${{ needs.checkrights.outputs.have_secrets == 'false' || github.event_name == 'pull_request' }}
+      if: needs.check_ghcr_push.outputs.push == 'false'
       uses: docker/build-push-action@v4
       with:
         platforms: |
@@ -191,7 +180,7 @@ jobs:
         labels: ${{ steps.meta.outputs.labels }}
 
     - name: Posting ttl.sh Summary
-      if: ${{ needs.checkrights.outputs.have_secrets == 'false' || github.event_name == 'pull_request' }}
+      if: needs.check_ghcr_push.outputs.push == 'false'
       uses: ./.github/actions/post-container-location
       with:
         image: ${{ env.EPHEMERAL_IMAGE }}

diff --git a/.github/workflows/someip2val_build.yml b/.github/workflows/someip2val_build.yml
@@ -19,7 +19,6 @@ on:
   pull_request:
     paths:
       - ".github/workflows/someip2val_build.yml"
-      - ".github/workflows/check_push_rights.yml"
       - "someip2val/**"
   workflow_dispatch:
     inputs:
@@ -35,7 +34,7 @@ concurrency:
 jobs:
 
   checkrights:
-    uses: ./.github/workflows/check_push_rights.yml
+    uses: erikbosch/kuksa-actions/.github/workflows/check_push_rights.yml@main
     secrets: inherit
 
   build: