6060 detect :
6161 name : Detect Fork
6262 runs-on : ubuntu-latest
63+ timeout-minutes : 5
6364 permissions : {}
6465 outputs :
6566 is-fork : ${{ steps.check.outputs.is-fork }}
7273
7374 matrix :
7475 name : Image Matrix
76+ needs : detect
7577 runs-on : ubuntu-latest
78+ timeout-minutes : 10
7679 permissions :
7780 contents : read
7881 outputs :
8184
8285 steps :
8386 - name : Checkout
84- uses : actions/checkout@v6
87+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
8588
8689 - name : Install
8790 uses : " posit-dev/images-shared/setup-bakery@main"
@@ -91,11 +94,17 @@ jobs:
9194 - name : Images by Version/Platform
9295 id : images-by-platform
9396 env :
97+ IS_FORK : ${{ needs.detect.outputs.is-fork }}
9498 DEV_VERSIONS : ${{ inputs.dev-versions }}
9599 MATRIX_VERSIONS : ${{ inputs.matrix-versions }}
96100 BAKERY_CONTEXT : ${{ inputs.context }}
97101 run : |
98- echo "platform_matrix=$(bakery ci matrix --quiet --dev-versions "$DEV_VERSIONS" --matrix-versions "$MATRIX_VERSIONS" --context "$BAKERY_CONTEXT" | jq --compact-output .)" >> "$GITHUB_OUTPUT"
102+ FULL_MATRIX=$(bakery ci matrix --quiet --dev-versions "$DEV_VERSIONS" --matrix-versions "$MATRIX_VERSIONS" --context "$BAKERY_CONTEXT" | jq --compact-output .)
103+ if [ "$IS_FORK" = "true" ]; then
104+ # Skip arm64 for fork PRs — paid runners may not be available
105+ FULL_MATRIX=$(echo "$FULL_MATRIX" | jq --compact-output '[.[] | select(.platform != "linux/arm64")]')
106+ fi
107+ echo "platform_matrix=$FULL_MATRIX" >> "$GITHUB_OUTPUT"
99108
100109 - name : Images by Version
101110 id : images-by-version
@@ -111,6 +120,7 @@ jobs:
111120 needs :
112121 - detect
113122 - matrix
123+ timeout-minutes : 120
114124 permissions :
115125 contents : read
116126 packages : write
@@ -119,12 +129,10 @@ jobs:
119129 matrix :
120130 img : ${{ fromJson(needs.matrix.outputs.platform-matrix) }}
121131 runs-on : ${{ matrix.img.platform == 'linux/arm64' && inputs.arm64-builder || inputs.amd64-builder }}
122- # Skip arm64 for fork PRs — paid runners may not be available
123- if : needs.detect.outputs.is-fork != 'true' || matrix.img.platform != 'linux/arm64'
124132
125133 steps :
126134 - name : Checkout
127- uses : actions/checkout@v6
135+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
128136
129137 - name : Setup bakery
130138 uses : " posit-dev/images-shared/setup-bakery@main"
@@ -135,7 +143,7 @@ jobs:
135143 uses : " posit-dev/images-shared/setup-goss@main"
136144
137145 - name : Set up Docker
138- uses : docker/setup-docker-action@v5
146+ uses : docker/setup-docker-action@1a6edb0ba9ac496f6850236981f15d8f9a82254d # v5.0.0
139147 with :
140148 daemon-config : |
141149 {
@@ -145,14 +153,14 @@ jobs:
145153 }
146154
147155 - name : Setup docker buildx
148- uses : docker/setup-buildx-action@v4
156+ uses : docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
149157
150158 - name : Setup ORAS CLI
151- uses : oras-project/setup-oras@v1
159+ uses : oras-project/setup-oras@38de303aac69abb66f3e6255b7198bff35f323e3 # v2.0.0
152160
153161 - name : Login to GitHub Container Registry
154162 if : needs.detect.outputs.is-fork != 'true'
155- uses : docker/login-action@v4
163+ uses : docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
156164 with :
157165 registry : ghcr.io
158166 username : ${{ github.actor }}
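Review bot: The `posit-dev/images-shared/setup-bakery@main` and `posit-dev/images-shared/setup-goss@main` references stay on a mutable branch while every other action touched here is now pinned to a commit SHA, and the job that runs them appears to be the one granted `packages: write` and logging in to ghcr.io. Pinning them the same way, e.g. `uses: "posit-dev/images-shared/setup-bakery@<commit-sha>" # main`, would make the pinning consistent; if tracking `main` is deliberate for first-party actions, a short comment on those lines saying so would help the next reader. Separately, `oras-project/setup-oras` moves from `@v1` to a SHA annotated `# v2.0.0`, which is a major-version change rather than a pin of the existing ref, so it deserves a line in the commit description and a check that the later ORAS steps behave the same. This file section begins before the lines visible here, so anything above the `detect` job was not reviewed.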