forked from armbian/build
-
Notifications
You must be signed in to change notification settings - Fork 0
43 lines (39 loc) · 1.46 KB
/
pr-build-artifacts.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
name: Generate Artifacts on PR if 'Build' label exists
run-name: "Generate artifacts - PR #${{ github.event.pull_request.number }} - by @${{ github.actor }}"
#
# If PR is labeled with "Build" and you are a member of "Release manager" team it will start a build train (additional security feature).
# In the run name, ${{ github.actor }} shows who's privileges are used for this run.
#
on:
pull_request:
types: [opened, reopened, synchronize, labeled]
jobs:
Check:
permissions:
pull-requests: read
name: Check label and authorization
if: contains(github.event.pull_request.labels.*.name, 'Build')
runs-on: Linux
outputs:
member: ${{ steps.checkUserMember.outputs.isTeamMember }}
steps:
- uses: tspascoal/get-user-teams-membership@v3
id: checkUserMember
with:
username: ${{ github.actor }}
organization: armbian
team: "Release manager"
GITHUB_TOKEN: ${{ secrets.ORG_MEMBERS }}
Compile:
needs: Check
name: Generate artifacts
concurrency:
group: pipeline-pr-${{github.event.pull_request.number}}
cancel-in-progress: true
if: ${{ github.repository_owner == 'Armbian' && needs.Check.outputs.member == 'true' }}
uses: armbian/os/.github/workflows/complete-artifact-matrix-all.yml@main
secrets:
ORG_MEMBERS: ${{ secrets.ORG_MEMBERS }}
with:
extraParamsAllBuilds: "UPLOAD_TO_OCI_ONLY=no"
ref: ${{ github.event.pull_request.head.sha }}