You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The issue we have is that our sample containers get pushed to GHCR even when we're just doing testing. The problem is that a PR from a fork will not (and should not) have permission to push to our GHCR.
Ideal solution
PRs from a fork 'just work' without an approval step.
Non-ideal solution
PRs from a fork give the user permissions on our GHCR, and then require approval to run. This isn't great because now we have a manual approval step.
How we could do it
What if we didn't push the images to GHCR.
We need a container registry that doesn't require permissions to read from.
We need to be able to read from the container registry in the Github Agent as we run a k3d cluster in the agent.
Summary
The issue we have is that our sample containers get pushed to GHCR even when we're just doing testing. The problem is that a PR from a fork will not (and should not) have permission to push to our GHCR.
Ideal solution
PRs from a fork 'just work' without an approval step.
Non-ideal solution
PRs from a fork give the user permissions on our GHCR, and then require approval to run. This isn't great because now we have a manual approval step.
How we could do it
What if we didn't push the images to GHCR.
We create the K3d cluster here.
Conveniently K3d has a built in feature-set for an internal container registry: https://k3d.io/v5.6.0/usage/registries/
Solution:
AB#9864
The text was updated successfully, but these errors were encountered: