fix(agentless): force lowercase for agentless tags, build but don't push on prs (#14)

mskalka · mskalka · commit 5d8c2df2af61 · 2025-02-03T13:03:59.000-05:00
* fix(agentless): force lowercase for agentless tags

* feat(agentless): only push agent containers on merges to main
diff --git a/.github/workflows/agentless-container.yaml b/.github/workflows/agentless-container.yaml
@@ -2,6 +2,12 @@ name: Build and push agentless container image
 
 # Configures this workflow to run every time a tag is created
 on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - containers/agentless/**
+      - .github/workflows/agentless-container.yaml
   push:
     branches: 
       - main
@@ -55,8 +61,12 @@ jobs:
           for version in $TEST_VERSIONS; do
             TAGS+="-t ${{ env.REGISTRY }}/${{env.IMAGE_NAME}}/agentless:$version "
           done
+          TAGS=$(echo $TAGS | tr '[:upper:]' '[:lower:]')
 
-          docker buildx build --push --platform linux/amd64,linux/arm64 $TAGS --metadata-file=metadata.json -f ../containers/agentless/Dockerfile ../containers/agentless
+          # GITHUB_BASE_REF is only set when the action source event is a pull request.
+          # in that case don't push.
+          export PUSH=$(if [ ${{ github.event.action }} != 'pull_request' ]; then echo "--push"; else echo ""; fi)
+          docker buildx build $PUSH --platform linux/amd64,linux/arm64 $TAGS --metadata-file=metadata.json -f ../containers/agentless/Dockerfile ../containers/agentless
 
           cat metadata.json
           echo "digest=$(cat metadata.json | jq -r .\"containerimage.digest\")" >> $GITHUB_OUTPUT
@@ -65,6 +75,7 @@ jobs:
       # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see [AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds). 
       - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v2
+        if: ${{ github.event.action != 'pull_request' }}
         with:
           subject-name: ${{ env.REGISTRY }}/${{env.IMAGE_NAME}}/agentless
           subject-digest: ${{ steps.build.outputs.digest }}
