DeathGun44 commented on PR #5249: URL: https://github.com/apache/fineract/pull/5249#issuecomment-3774535084
> > Hi @adamsaghy, > > I saw your note about needing a 'dual building' strategy to unblock the PR checks for contributors without access to the hardened image secrets. > > I've just forked the repo and am prototyping a change to the GitHub Actions workflow to handle this conditional logic (using the public image for PRs vs. hardened for main/develop). > > If you aren't already working on this part, I'd love to polish it up and submit a PR to your branch to get these checks passing. > > I think Hardened image **Must always be run at main upstream protected branch** and it must have a check where forked repository do not use hardened images and secret maybe check like this can help > > ``` > runs-on: ubuntu-latest > steps: > - uses: actions/checkout@v4 > > - name: Detect trusted context > if: github.event.pull_request.head.repo.fork == false > run: | > echo "CI_IMAGE= <context>" > ``` Thanks. That conditional check looks like the right direction for handling the fork context. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
