[PR #1661] Update dev-image #1166

New Issue

Open

opened 2025-11-13 12:19:37 -06:00 by GiteaMirror · 0 comments

GiteaMirror commented 2025-11-13 12:19:37 -06:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/fosrl/pangolin/pull/1661
Author: @Lokowitz
Created: 10/13/2025
Status: 🔄 Open

Base: main ← Head: fix-dev-image

---

📝 Commits (5)

• 6879cd5 Update dev-image.yml
• e94a666 Merge remote-tracking branch 'upstream/main' into fix-dev-image
• 88b4321 Merge branch 'fosrl:main' into fix-dev-image
• 3877089 Enhance Docker build workflow with tagging and jobs
• d0c8b85 Fix Docker build args and add context in workflow

📊 Changes

1 file changed (+158 additions, -0 deletions)

View changed files

➕ .github/workflows/dev-image.yml (+158 -0)

📄 Description

Community Contribution License Agreement

By creating this pull request, I grant the project maintainers an unlimited,
perpetual license to use, modify, and redistribute these contributions under any terms they
choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
represent that I have the right to grant this license for all contributed content.

Description

Sorry for the delay on fixing this.

I have been trying to figure out why this is failing and I think it is because actions from PRs can't use secrets because they would be accessible and leaked.
I removed it for now but am open to adding it back if we figure the right way to push.

Yes on pull_request is just working when someone from the team ist creating the PR, otherwiese no secrets will be available.
On pull_request_target secrects are available. But this workflow will then run with code from the PR target (trusted code).
So we have to merge in the new code with checkout. To be save that no one creates a PR which is stealing the secrets i have added an environment build-dev. This will bring up an approval for running the workflow.

It is not super nice to have this approval step but otherwise it will be to risky.

Important

Be sure to first create the environment and select at least one reviewer before merging.

Fix https://github.com/fosrl/pangolin/pull/1625

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/fosrl/pangolin/pull/1661 **Author:** [@Lokowitz](https://github.com/Lokowitz) **Created:** 10/13/2025 **Status:** 🔄 Open **Base:** `main` ← **Head:** `fix-dev-image` --- ### 📝 Commits (5) - [`6879cd5`](https://github.com/fosrl/pangolin/commit/6879cd5d1feca522af4bf2cff1cbebe6de057da3) Update dev-image.yml - [`e94a666`](https://github.com/fosrl/pangolin/commit/e94a6666fe37ecef33045273c29c737c15d7ce25) Merge remote-tracking branch 'upstream/main' into fix-dev-image - [`88b4321`](https://github.com/fosrl/pangolin/commit/88b43215a09acb3e105869fdfc1da9535feddcc3) Merge branch 'fosrl:main' into fix-dev-image - [`3877089`](https://github.com/fosrl/pangolin/commit/38770896962c4b5299f3f83a084323d9510d94f2) Enhance Docker build workflow with tagging and jobs - [`d0c8b85`](https://github.com/fosrl/pangolin/commit/d0c8b856329b3be013c67dfb9ddc5f6e4292dcc0) Fix Docker build args and add context in workflow ### 📊 Changes **1 file changed** (+158 additions, -0 deletions) <details> <summary>View changed files</summary> ➕ `.github/workflows/dev-image.yml` (+158 -0) </details> ### 📄 Description ## Community Contribution License Agreement By creating this pull request, I grant the project maintainers an unlimited, perpetual license to use, modify, and redistribute these contributions under any terms they choose, including both the AGPLv3 and the Fossorial Commercial license terms. I represent that I have the right to grant this license for all contributed content. ## Description Sorry for the delay on fixing this. > I have been trying to figure out why this is failing and I think it is because actions from PRs can't use secrets because they would be accessible and leaked. > I removed it for now but am open to adding it back if we figure the right way to push. Yes on `pull_request` is just working when someone from the team ist creating the PR, otherwiese no secrets will be available. On `pull_request_target` secrects are available. But this workflow will then run with code from the PR target (trusted code). So we have to merge in the new code with `checkout`. To be save that no one creates a PR which is stealing the secrets i have added an environment `build-dev`. This will bring up an approval for running the workflow. It is not super nice to have this approval step but otherwise it will be to risky. > [!IMPORTANT] > Be sure to first create the environment and select at least one reviewer before merging. <img width="1183" height="662" alt="image" src="https://github.com/user-attachments/assets/51b73fbf-1299-4aff-b21e-64c729c3902f" /> Fix https://github.com/fosrl/pangolin/pull/1625 --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

GiteaMirror added the

pull-request

label 2025-11-13 12:19:37 -06:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

crowdin_dev

dev

clients-user

client-user

dependabot/npm_and_yarn/prod-minor-updates-35f2f5c31e

dependabot/npm_and_yarn/prod-patch-updates-c7bc470e93

dependabot/npm_and_yarn/dev-patch-updates-42f78d98b0

dependabot/npm_and_yarn/dev-minor-updates-42b6b37ac0

dependabot/npm_and_yarn/next-16.0.7

1.12.3

dependabot/npm_and_yarn/nodemailer-7.0.11

dependabot/npm_and_yarn/express-5.2.1

dependabot/github_actions/actions/checkout-6.0.0

dependabot/github_actions/actions/setup-go-6.1.0

copilot/fix-hc-health-status-unknown

copilot/configure-auto-login-idp-blueprints

dependabot/npm_and_yarn/react-email/tailwind-2.0.1

dev-ms

copilot/fix-duplicate-docker-labels

copilot/fix-supporter-key-redeem

policies

revert-1588-patch-1

patch

site-targets-auto-login

1.12.3

1.12.2-s.4

1.12.2-s.3

1.12.2-s.2

1.12.2-s.1

1.12.2

1.12.2-s.0

1.12.1

1.12.0

1.12.0-s.0

1.12.0-rc.0

1.11.1

1.11.1-s.0

1.11.0-s.5

1.11.0

1.11.0-s.4

1.11.0-s.3

1.11.0-s.2

1.11.0-s.1

1.11.0-s.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

1.0.0-beta.15

1.0.0-beta.14

1.0.0-beta.13

1.0.0-beta.12

1.0.0-beta.11

1.0.0-beta.10

1.0.0-beta.9

1.0.0-beta.8

1.0.0-beta.7

1.0.0-beta.6

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

api

authentication

bug

config

dependencies

docker

documentation

enhancement

good first issue

help wanted

Improvement

Look Into

needs investigating

networking

new feature

non-critical bug

potential bug

pull-request

Mirrored from GitHub Pull Request

question

reverse proxy

Security

stale

ui

No Label

pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/pangolin#1166

No description provided.