fix

2026-04-02 11:48:22 +01:00
parent 6b0990a364
commit a26d410c7b
2 changed files with 3 additions and 30 deletions
@@ -18,40 +18,12 @@ concurrency:
  cancel-in-progress: true

 jobs:
-  docker-build-and-publish:
-    if: ${{ inputs.PUBLISH == true }}
-    runs-on: blacksmith-4vcpu-ubuntu-2404
-    name: Build Docker image
-    permissions:
-      contents: read
-      packages: write # to be able to push images to ghcr.io
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-        with:
-          fetch-depth: 0
-          persist-credentials: false
-      - name: Login to Helm Chart & Container Image Registry
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ github.token }}
-      - name: Setup Docker Builder
-        uses: useblacksmith/setup-docker-builder@affa10db466676f3dfb3e54caeb228ee0691510f
-      - name: Build and push
-        uses: useblacksmith/build-push-action@30c71162f16ea2c27c3e21523255d209b8b538c1
-        with:
-          push: true
-          tags: ghcr.io/specklesystems/speckle-dui:${{ inputs.IMAGE_VERSION_TAG }}
-          file: ./deployment/docker/Dockerfile
-          network: host # to be able to connect to Tailscale and pull private base image during build
-          allow: network.host # to be able to connect to Tailscale and pull private base image during build
  docker-build:
-    if: ${{ inputs.PUBLISH == false }}
    runs-on: blacksmith-4vcpu-ubuntu-2404
    name: Build Docker image
    permissions:
      contents: read
+      packages: write # to be able to push images to ghcr.io. As permissions is static, it has to be granted even if PUBLISH is false
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
@@ -68,7 +40,7 @@ jobs:
      - name: Build and push
        uses: useblacksmith/build-push-action@30c71162f16ea2c27c3e21523255d209b8b538c1
        with:
-          push: false
+          push: ${{ inputs.PUBLISH }}
          tags: ghcr.io/specklesystems/speckle-dui:${{ inputs.IMAGE_VERSION_TAG }}
          file: ./deployment/docker/Dockerfile
          network: host # to be able to connect to Tailscale and pull private base image during build
@@ -36,3 +36,4 @@ jobs:
    secrets: {}
    permissions:
      contents: read
+      packages: write # to be able to push images to ghcr.io, even if PUBLISH is false, as permissions is static at workflow level