B
BlueBuild•7d ago
RoyalOughtness

Is there a way to run Pull Request builds?

Sort of like how bluefin does it, where uploads and signing are disabled, but everything else runs
Solution:
https://github.com/secureblue/secureblue/pull/557/files
Jump to solution
14 Replies
fiftydinar
fiftydinar•7d ago
I think they are already enabled, along with normal builds. They are tagged pr- something
Luke Skywunker
Luke Skywunker•6d ago
If you're looking for a way to do just the build without pushing the image, you're probably going to have to create your own step to do that. Currently, our GitLab action always passes the --push option.
RoyalOughtness
RoyalOughtnessOP•6d ago
ahh, got it. so i can do it with the cli but not with the action as-is let me see
Luke Skywunker
Luke Skywunker•6d ago
Correct
RoyalOughtness
RoyalOughtnessOP•6d ago
so i need to drop --push and then is there a quick way to disable signing too? can i just drop COSIGN_PRIVATE_KEY or will that make it fail hmm that'll probably make it fail let me read the docs
Luke Skywunker
Luke Skywunker•6d ago
I don't think we check for the key if you don't have push enabled.
RoyalOughtness
RoyalOughtnessOP•6d ago
oh sweet let me give it a spin @gmpinder looks like it's working 🙂 
[01:16:32 g.i/s/silverblue-main-userns-hardened:pr-557-41] => Writing manifest to image destination
[01:16:34 g.i/s/silverblue-main-userns-hardened:pr-557-41] => --> 97568e4eae7a
[01:16:34 g.i/s/silverblue-main-userns-hardened:pr-557-41] => Successfully tagged ghcr.io/secureblue/silverblue-main-userns-hardened:pr-557-41
[01:16:36 g.i/s/silverblue-main-userns-hardened:pr-557-41] => 97568e4eae7ab36a980567dd565d4b7b0408b992c234c27e5bf17e4bbbb6a7c8
[01:16:36  INFO] => Successfully built ghcr.io/secureblue/silverblue-main-userns-hardened:pr-557-41
[01:16:36 DEBUG] => Tagging all images
[01:16:36 DEBUG] => Tagging ghcr.io/secureblue/silverblue-main-userns-hardened:pr-557-41 with pr-557-41
[01:16:36  INFO] => Successfully tagged ghcr.io/secureblue/silverblue-main-userns-hardened:pr-557-41!
[01:16:36 DEBUG] => Tagging ghcr.io/secureblue/silverblue-main-userns-hardened:pr-557-41 with 420cd6e-41
[01:16:36  INFO] => Successfully tagged ghcr.io/secureblue/silverblue-main-userns-hardened:420cd6e-41!
[01:16:32 g.i/s/silverblue-main-userns-hardened:pr-557-41] => Writing manifest to image destination
[01:16:34 g.i/s/silverblue-main-userns-hardened:pr-557-41] => --> 97568e4eae7a
[01:16:34 g.i/s/silverblue-main-userns-hardened:pr-557-41] => Successfully tagged ghcr.io/secureblue/silverblue-main-userns-hardened:pr-557-41
[01:16:36 g.i/s/silverblue-main-userns-hardened:pr-557-41] => 97568e4eae7ab36a980567dd565d4b7b0408b992c234c27e5bf17e4bbbb6a7c8
[01:16:36  INFO] => Successfully built ghcr.io/secureblue/silverblue-main-userns-hardened:pr-557-41
[01:16:36 DEBUG] => Tagging all images
[01:16:36 DEBUG] => Tagging ghcr.io/secureblue/silverblue-main-userns-hardened:pr-557-41 with pr-557-41
[01:16:36  INFO] => Successfully tagged ghcr.io/secureblue/silverblue-main-userns-hardened:pr-557-41!
[01:16:36 DEBUG] => Tagging ghcr.io/secureblue/silverblue-main-userns-hardened:pr-557-41 with 420cd6e-41
[01:16:36  INFO] => Successfully tagged ghcr.io/secureblue/silverblue-main-userns-hardened:420cd6e-41!
question though out of curiosity, where is the "image destination" in this case? since it's not being pushed anywhere
Luke Skywunker
Luke Skywunker•6d ago
It's just stored in the builder as cache
RoyalOughtness
RoyalOughtnessOP•6d ago
ah cool
Luke Skywunker
Luke Skywunker•6d ago
Well, it's in the builder when you're using Docker. If you're using Podman, it's actually tagged in the local image registry
RoyalOughtness
RoyalOughtnessOP•6d ago
got it, cool
Solution
RoyalOughtness
RoyalOughtness•6d ago
RoyalOughtness
RoyalOughtnessOP•6d ago
this is big 😄
Luke Skywunker
Luke Skywunker•6d ago
Oh wait no, I'm dumb. With Docker it will load the image from the builder into the Docker local image registry as well
Want results from more Discord servers?
Add your server