Aman-Mittal commented on PR #5249:
URL: https://github.com/apache/fineract/pull/5249#issuecomment-3773759360
> Hi @adamsaghy,
>
> I saw your note about needing a 'dual building' strategy to unblock the PR
checks for contributors without access to the hardened image secrets.
>
> I've just forked the repo and am prototyping a change to the GitHub
Actions workflow to handle this conditional logic (using the public image for
PRs vs. hardened for main/develop).
>
> If you aren't already working on this part, I'd love to polish it up and
submit a PR to your branch to get these checks passing.
I think Hardened image **Must always be run at main upstream protected
branch** and it must have a check where forked repository do not use hardened
images and secret maybe check like this can help
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Detect trusted context
if: github.event.pull_request.head.repo.fork == false
run: |
echo "CI_IMAGE= <context>"
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
