fix: Prevent certain builds from running when the PR is from a fork

blue-build · Dec 9, 2024 · 4910292 · 4910292
1 parent 273d879
commit 4910292
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 71 deletions.
diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml
@@ -16,8 +16,7 @@ jobs:
   arm64-prebuild:
     timeout-minutes: 10
     runs-on: ubuntu-latest
-    if: github.repository == 'blue-build/cli'
-
+    if: github.repository == github.event.pull_request.head.repo.full_name
     steps:
       - uses: earthly/actions-setup@v1
 
@@ -50,7 +49,7 @@ jobs:
   amd64-prebuild:
     timeout-minutes: 10
     runs-on: ubuntu-latest
-    if: github.repository == 'blue-build/cli'
+    if: github.repository == github.event.pull_request.head.repo.full_name
 
     steps:
       - uses: earthly/actions-setup@v1
@@ -84,7 +83,7 @@ jobs:
   build-images:
     timeout-minutes: 60
     runs-on: ubuntu-latest
-    if: github.repository == 'blue-build/cli'
+    if: github.repository == github.event.pull_request.head.repo.full_name
     needs:
       - arm64-prebuild
       - amd64-prebuild
@@ -120,7 +119,7 @@ jobs:
   build-scripts:
     timeout-minutes: 5
     runs-on: ubuntu-latest
-    if: github.repository == 'blue-build/cli'
+    if: github.repository == github.event.pull_request.head.repo.full_name
     steps:
       - uses: earthly/actions-setup@v1
 
@@ -155,8 +154,6 @@ jobs:
     permissions:
       packages: write
     timeout-minutes: 60
-    needs:
-      - amd64-prebuild
     runs-on: ubuntu-latest
 
     steps:
@@ -289,10 +286,8 @@ jobs:
           GH_PR_EVENT_NUMBER: ${{ github.event.number }}
           COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
         run: |
-          just install-debug-all-features
-          cd integration-tests/test-repo
           export CARGO_HOME=$HOME/.cargo
-          sudo -E $CARGO_HOME/bin/bluebuild build --push -vv --rechunk recipes/recipe-rechunk.yml
+          just test-rechunk-build
 
   arm64-build:
     timeout-minutes: 40
@@ -337,6 +332,7 @@ jobs:
   docker-build-external-login:
     timeout-minutes: 20
     runs-on: ubuntu-latest
+    if: github.repository == github.event.pull_request.head.repo.full_name
     permissions:
       contents: read
       packages: write
@@ -380,64 +376,6 @@ jobs:
           BB_BUILDKIT_CACHE_GHA: true
         run: just test-docker-build-external-login
 
-  # Free trial is over
-  # docker-build-oauth-login:
-  #   timeout-minutes: 20
-  #   runs-on: ubuntu-latest
-  #   permissions:
-  #     contents: read
-  #     packages: write
-  #     id-token: write
-
-  #   steps:
-  #     - name: Google Auth
-  #       id: auth
-  #       uses: "google-github-actions/auth@v2"
-  #       with:
-  #         token_format: "access_token"
-  #         service_account: ${{ secrets.SERVICE_ACCOUNT }}
-  #         project_id: bluebuild-oidc
-  #         create_credentials_file: false
-  #         workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY }}
-
-  #     - name: Maximize build space
-  #       uses: ublue-os/remove-unwanted-software@v6
-
-  #     - uses: sigstore/[email protected]
-
-  #     - name: Set up Docker Buildx
-  #       uses: docker/setup-buildx-action@v3
-  #       with:
-  #         install: true
-
-  #     - uses: actions-rust-lang/setup-rust-toolchain@v1
-
-  #     - name: Docker Auth
-  #       id: docker-auth
-  #       uses: "docker/login-action@v3"
-  #       with:
-  #         username: "oauth2accesstoken"
-  #         password: "${{ steps.auth.outputs.access_token }}"
-  #         registry: us-east1-docker.pkg.dev
-
-  #     - uses: actions/checkout@v4
-  #       with:
-  #         fetch-depth: 0
-  #         ref: ${{github.event.pull_request.head.ref}}
-  #         repository: ${{github.event.pull_request.head.repo.full_name}}
-
-  #     - name: Expose GitHub Runtime
-  #       uses: crazy-max/ghaction-github-runtime@v3
-
-  #     - uses: extractions/setup-just@v1
-
-  #     - name: Run Build
-  #       env:
-  #         GH_PR_EVENT_NUMBER: ${{ github.event.number }}
-  #         COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
-  #         BB_BUILDKIT_CACHE_GHA: true
-  #       run: just test-docker-build-oauth-login
-
   podman-build:
     timeout-minutes: 20
     runs-on: ubuntu-latest

diff --git a/justfile b/justfile
@@ -149,7 +149,7 @@ test-docker-build: install-debug-all-features
 
 test-rechunk-build: install-debug-all-features
   cd integration-tests/test-repo \
-  && sudo {{ cargo_bin }}/bluebuild build \
+  && sudo -E {{ cargo_bin }}/bluebuild build \
     {{ should_push }} \
     -vv \
     --rechunk \

diff --git a/process/drivers/docker_driver.rs b/process/drivers/docker_driver.rs
@@ -8,7 +8,7 @@ use std::{
 
 use blue_build_utils::{
     cmd,
-    constants::{BB_BUILDKIT_CACHE_GHA, CONTAINER_FILE, DOCKER_HOST},
+    constants::{BB_BUILDKIT_CACHE_GHA, CONTAINER_FILE, DOCKER_HOST, GITHUB_ACTIONS},
     credentials::Credentials,
     string_vec,
 };
@@ -340,7 +340,9 @@ impl BuildDriver for DockerDriver {
                             opts.compression
                         ),
                     );
-                } else {
+
+                // We don't want to load the image into docker as it will double disk usage
+                } else if env::var(GITHUB_ACTIONS).is_err() {
                     cmd!(command, "--load");
                 }
                 images