-
Notifications
You must be signed in to change notification settings - Fork 23
51 lines (49 loc) · 2 KB
/
pr_full_access.yml
File metadata and controls
51 lines (49 loc) · 2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# contains additional jobs to run for 'complete' workflow that involve secrets
name: pull request (full access)
on:
# 'pull_request_target' required to make secrets available for jobs
pull_request_target:
types:
- opened
- synchronize
- labeled
jobs:
# all jobs should have a if check for 'ok-to-test' label in order to be gated by the label.
# otherwise secrets might be unintentionally exposed to malicious forks.
build-push-docker-images-for-e2e-tests:
if: contains(github.event.pull_request.labels.*.name, 'ok-to-test') || contains(github.event.pull_request.labels.*.name, 'approved')
runs-on: [ubuntu-latest]
strategy:
matrix:
component: [jobservice, spark]
env:
GITHUB_PR_SHA: ${{ github.event.pull_request.head.sha }}
REGISTRY: gcr.io/kf-feast
MAVEN_CACHE: gs://feast-templocation-kf-feast/.m2.2020-08-19.tar
steps:
- uses: actions/checkout@v2
with:
# pull_request_target runs the workflow in the context of the base repo
# as such actions/checkout needs to be explicit configured to retrieve
# code from the PR.
ref: ${{ github.event.pull_request.merge_commit_sha }}
- uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- uses: google-github-actions/setup-gcloud@v0
with:
version: '290.0.1'
export_default_credentials: true
project_id: ${{ secrets.GCP_PROJECT_ID }}
service_account_key: ${{ secrets.GCP_SA_KEY }}
- run: gcloud auth configure-docker --quiet
- name: Get m2 cache
run: |
infra/scripts/download-maven-cache.sh \
--archive-uri ${MAVEN_CACHE} \
--output-dir $HOME
- name: Build image
run: make build-${{ matrix.component }}-docker REGISTRY=${REGISTRY} VERSION=${GITHUB_PR_SHA}
- name: Push image
run: |
docker push ${REGISTRY}/feast-${{ matrix.component }}:${GITHUB_PR_SHA}