Skip to content

Generate artifacts - PR #7599 - by @amazingfate #3084

Generate artifacts - PR #7599 - by @amazingfate

Generate artifacts - PR #7599 - by @amazingfate #3084

name: Generate Artifacts on PR if 'Build' label exists
run-name: "Generate artifacts - PR #${{ github.event.pull_request.number }} - by @${{ github.actor }}"
#
# If PR is labeled with "Build" and you are a member of "Release manager" team it will start a build train (additional security feature).
# In the run name, ${{ github.actor }} shows who's privileges are used for this run.
#
on: pull_request_target
jobs:
Check:
permissions:
pull-requests: read
name: Check label and authorization
runs-on: Linux
outputs:
member: ${{ steps.checkUserMember.outputs.isTeamMember }}
steps:
- uses: tspascoal/get-user-teams-membership@v3
if: contains(github.event.pull_request.labels.*.name, 'Build')
id: checkUserMember
with:
username: ${{ github.actor }}
organization: armbian
team: "Release manager"
GITHUB_TOKEN: ${{ secrets.ORG_MEMBERS }}
Compile:
needs: Check
name: Generate artifacts
concurrency:
group: pipeline-pr-${{github.event.pull_request.number}}
cancel-in-progress: true
if: ${{ github.repository_owner == 'Armbian' && needs.Check.outputs.member == 'true' }}
uses: armbian/os/.github/workflows/complete-artifact-matrix-all.yml@main
secrets:
ORG_MEMBERS: ${{ secrets.ORG_MEMBERS }}
with:
extraParamsAllBuilds: "UPLOAD_TO_OCI_ONLY=no"
ref: ${{ github.event.pull_request.head.sha }}