From 02ce8fdf0deac5c52a98070d9970fbd1b5654490 Mon Sep 17 00:00:00 2001
From: Tim Schumacher <timschumi@gmx.de>
Date: Sun, 5 Jan 2025 01:30:28 +0100
Subject: [PATCH] docker: Don't push to the registry for Pull Requests

This requires more thought on how to handle secrets, and whether to just
omit it permanently.
---
 .github/workflows/ci-docker.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci-docker.yml b/.github/workflows/ci-docker.yml
index 6965c773..3d47d3c6 100644
--- a/.github/workflows/ci-docker.yml
+++ b/.github/workflows/ci-docker.yml
@@ -45,13 +45,14 @@ jobs:
         with:
           context: .
           platforms: linux/amd64,linux/arm64,linux/arm/v7,windows/amd64
-          push: true
+          push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           pull: true
           cache-from: type=gha, scope=${{ github.workflow }}
           cache-to: type=gha, scope=${{ github.workflow }}
       - name: Generate build provenance attestation
+        if: ${{ github.event_name != 'pull_request' }}
         uses: actions/attest-build-provenance@v2
         with:
           subject-name: ghcr.io/${{ github.repository }}