Run docker on forked pull requests (#1450)

* build docker on pull request

* run docker build on PRs

* remove if

* add permissions

* change ghcr login

* empty commit

* always use opendevin as org

* lowercase

* no client token

* dont push on forks

* remove env

* only cache-to if pushing

* fix org name

* fix owner

* Update containers/build.sh

Co-authored-by: Graham Neubig <neubig@gmail.com>

* lowercase

* remove tag prefix

* lowercase

---------

Co-authored-by: Graham Neubig <neubig@gmail.com>

.github/workflows/ghcr.yml

@@ -2,6 +2,9 @@ name: Publish Docker Image
 
 on:
   push:
+    branches:
+    - main
+  pull_request:
   workflow_dispatch:
     inputs:
       reason:
@@ -12,7 +15,11 @@ on:
 jobs:
   ghcr_build_and_push:
     runs-on: ubuntu-latest
-    if: github.event_name == 'push' || github.event.inputs.reason != ''
+
+    permissions:
+      contents: read
+      packages: write
+
     strategy:
       matrix:
         image: ["app", "evaluation", "sandbox"]
@@ -28,16 +35,25 @@ jobs:
         id: buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Log-in to ghcr.io
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+      - name: Login to ghcr
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Delete huge unnecessary tools folder
         run: rm -rf /opt/hostedtoolcache
 
       - name: Build and push ${{ matrix.image }}
+        if: github.event.pull_request.head.repo.full_name == github.repository
+        run: |
+          ./containers/build.sh ${{ matrix.image }} ${{ github.repository_owner }} --push
+
+      - name: Build ${{ matrix.image }}
+        if: github.event.pull_request.head.repo.full_name != github.repository
         run: |
-          ORG_NAME=$(echo "${{ github.repository }}" | tr '[A-Z]' '[a-z]' | cut -d '/' -f 1)
-          ./containers/build.sh ${{ matrix.image }} $ORG_NAME --push
+          ./containers/build.sh ${{ matrix.image }} ${{ github.repository_owner }}
 
   docker_build_success:
     name: Docker Build Success

containers/build.sh

@@ -44,6 +44,7 @@ if [[ -n "$org_name" ]]; then
   DOCKER_ORG="$org_name"
 fi
 DOCKER_REPOSITORY=$DOCKER_REGISTRY/$DOCKER_ORG/$DOCKER_IMAGE
+DOCKER_REPOSITORY=${DOCKER_REPOSITORY,,} # lowercase
 echo "Repo: $DOCKER_REPOSITORY"
 echo "Base dir: $DOCKER_BASE_DIR"
 
@@ -53,12 +54,12 @@ for tag in ${tags[@]}; do
 done
 if [[ $push -eq 1 ]]; then
   args+=" --push"
+  args+=" --cache-to=type=registry,ref=$DOCKER_REPOSITORY:$cache_tag,mode=max"
 fi
 
 docker buildx build \
   $args \
   --build-arg OPEN_DEVIN_BUILD_VERSION=$OPEN_DEVIN_BUILD_VERSION \
-  --cache-to=type=registry,ref=$DOCKER_REPOSITORY:$cache_tag,mode=max \
   --cache-from=type=registry,ref=$DOCKER_REPOSITORY:$cache_tag \
   --cache-from=type=registry,ref=$DOCKER_REPOSITORY:$cache_tag_base-main \
   --platform linux/amd64,linux/arm64 \