From 4a8d3c858c483f1cd5197fa12404e7b60522d32d Mon Sep 17 00:00:00 2001 From: shamoon <4887959+shamoon@users.noreply.github.com> Date: Wed, 19 Nov 2025 12:58:10 -0800 Subject: [PATCH] Chore: re-enable docker builds for PRs (#11398) --- .github/workflows/ci.yml | 39 ++++++++++++++++++++++++++++++++------- 1 file changed, 32 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 76ab247fb..e1cc4c3ce 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -353,9 +353,9 @@ jobs: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} run: cd src-ui && pnpm run build --configuration=production build-docker-image: - name: Build Docker image for ${{ github.ref_name }} + name: Build Docker image for ${{ github.event_name == 'pull_request' && github.head_ref || github.ref_name }} runs-on: ubuntu-24.04 - if: github.event_name == 'push' && (startsWith(github.ref, 'refs/heads/feature-') || startsWith(github.ref, 'refs/heads/fix-') || github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/beta' || contains(github.ref, 'beta.rc') || startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/heads/l10n_')) + if: (github.event_name == 'push' && (startsWith(github.ref, 'refs/heads/feature-') || startsWith(github.ref, 'refs/heads/fix-') || github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/beta' || contains(github.ref, 'beta.rc') || startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/heads/l10n_'))) || (github.event_name == 'pull_request' && (startsWith(github.head_ref, 'feature-') || startsWith(github.head_ref, 'fix-') || github.head_ref == 'dev' || github.head_ref == 'beta' || contains(github.head_ref, 'beta.rc') || startsWith(github.head_ref, 'l10n_'))) concurrency: group: ${{ github.workflow }}-build-docker-image-${{ github.ref_name }} cancel-in-progress: true @@ -364,6 +364,23 @@ jobs: - tests-frontend - tests-frontend-e2e steps: + - name: Prepare build variables + id: build-vars + uses: actions/github-script@v8 + with: + result-encoding: string + script: | + const isPR = context.eventName === 'pull_request'; + const defaultRefName = context.ref.replace('refs/heads/', ''); + const headRef = isPR ? context.payload.pull_request.head.ref : defaultRefName; + const buildRef = isPR ? `refs/heads/${headRef}` : context.ref; + const buildCacheKey = headRef.split('/').join('-'); + const canPush = context.eventName === 'push' || (isPR && context.payload.pull_request.head.repo.full_name === `${context.repo.owner}/${context.repo.repo}`); + + core.setOutput('build-ref', buildRef); + core.setOutput('build-ref-name', headRef); + core.setOutput('build-cache-key', buildCacheKey); + core.setOutput('can-push', canPush ? 'true' : 'false'); - name: Check pushing to Docker Hub id: push-other-places # Only push to Dockerhub from the main repo AND the ref is either: @@ -372,8 +389,11 @@ jobs: # beta # a tag # Otherwise forks would require a Docker Hub account and secrets setup + env: + BUILD_REF: ${{ steps.build-vars.outputs.build-ref }} + BUILD_REF_NAME: ${{ steps.build-vars.outputs.build-ref-name }} run: | - if [[ ${{ github.repository_owner }} == "paperless-ngx" && ( ${{ github.ref_name }} == "dev" || ${{ github.ref_name }} == "beta" || ${{ startsWith(github.ref, 'refs/tags/v') }} == "true" ) ]] ; then + if [[ ${{ github.repository_owner }} == "paperless-ngx" && ( "$BUILD_REF_NAME" == "dev" || "$BUILD_REF_NAME" == "beta" || $BUILD_REF == refs/tags/v* || $BUILD_REF == *beta.rc* ) ]] ; then echo "Enabling DockerHub image push" echo "enable=true" >> $GITHUB_OUTPUT else @@ -397,6 +417,8 @@ jobs: tags: | # Tag branches with branch name type=ref,event=branch + # Pull requests need a sanitized branch tag for pushing images + type=raw,value=${{ steps.build-vars.outputs.build-cache-key }},enable=${{ github.event_name == 'pull_request' }} # Process semver tags # For a tag x.y.z or vX.Y.Z, output an x.y.z and x.y image tag type=semver,pattern={{version}} @@ -439,7 +461,7 @@ jobs: context: . file: ./Dockerfile platforms: linux/amd64,linux/arm64 - push: ${{ github.event_name != 'pull_request' }} + push: ${{ steps.build-vars.outputs.can-push == 'true' }} tags: ${{ steps.docker-meta.outputs.tags }} labels: ${{ steps.docker-meta.outputs.labels }} build-args: | @@ -447,18 +469,20 @@ jobs: # Get cache layers from this branch, then dev # This allows new branches to get at least some cache benefits, generally from dev cache-from: | - type=registry,ref=ghcr.io/${{ steps.set-ghcr-repository.outputs.ghcr-repository }}/builder/cache/app:${{ github.ref_name }} + type=registry,ref=ghcr.io/${{ steps.set-ghcr-repository.outputs.ghcr-repository }}/builder/cache/app:${{ steps.build-vars.outputs.build-cache-key }} type=registry,ref=ghcr.io/${{ steps.set-ghcr-repository.outputs.ghcr-repository }}/builder/cache/app:dev - cache-to: | - type=registry,mode=max,ref=ghcr.io/${{ steps.set-ghcr-repository.outputs.ghcr-repository }}/builder/cache/app:${{ github.ref_name }} + cache-to: ${{ steps.build-vars.outputs.can-push == 'true' && format('type=registry,mode=max,ref=ghcr.io/{0}/builder/cache/app:{1}', steps.set-ghcr-repository.outputs.ghcr-repository, steps.build-vars.outputs.build-cache-key) || '' }} - name: Inspect image + if: steps.build-vars.outputs.can-push == 'true' run: | docker buildx imagetools inspect ${{ fromJSON(steps.docker-meta.outputs.json).tags[0] }} - name: Export frontend artifact from docker + if: steps.build-vars.outputs.can-push == 'true' run: | docker create --name frontend-extract ${{ fromJSON(steps.docker-meta.outputs.json).tags[0] }} docker cp frontend-extract:/usr/src/paperless/src/documents/static/frontend src/documents/static/frontend/ - name: Upload frontend artifact + if: steps.build-vars.outputs.can-push == 'true' uses: actions/upload-artifact@v5 with: name: frontend-compiled @@ -469,6 +493,7 @@ jobs: needs: - build-docker-image - documentation + if: github.event_name == 'push' runs-on: ubuntu-24.04 steps: - name: Checkout