From 8a9d7710d176840cfa22392e2d94780f7d7bc1ef Mon Sep 17 00:00:00 2001
From: Brian Foshee <brian.foshee@nytimes.com>
Date: Fri, 18 Aug 2023 11:53:34 -0400
Subject: [PATCH] create separate pull request actions workflow

PRs don't have access to secrets so the logging in to docker hub step
fails.

also enable slack note
---
 .github/workflows/build.yml        | 31 ++++++++++-----------
 .github/workflows/pull_request.yml | 43 ++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+), 17 deletions(-)
 create mode 100644 .github/workflows/pull_request.yml

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e8d45c5..0e5912e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -2,11 +2,10 @@ name: Build and Push Docker Image
 
 on:
   push:
-    branches: [ "main" ]
+    branches:
+      - main
     tags:
       - '*'
-  pull_request:
-    branches: [ "main" ]
 
 jobs:
   build:
@@ -48,20 +47,18 @@ jobs:
       with:
         context: .
         platforms: linux/amd64
-        push: ${{ github.event_name != 'pull_request' }}
+        push: true
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}
 
-          # commenting out until we get the webhook secret
-          #- name: Send GitHub Action trigger data to Slack workflow
-          #  id: slack
-          #  uses: slackapi/slack-github-action@v1.23.0
-          #  if: ${{ github.event_name != 'pull_request' }}
-          #  with:
-          #    payload: |
-          #      {
-          #        "text": "GitHub Actions Build Result: ${{ job.status }}\n triggered_by: ${{ github.actor }}\n job url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n commit url: ${{ github.event.head_commit.url }}"
-          #      }
-          #  env:
-          #    # webhook for #dv-cdp-alerts
-          #    SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+    - name: Send GitHub Action trigger data to Slack workflow
+      id: slack
+      uses: slackapi/slack-github-action@v1.23.0
+      if: ${{ github.event_name != 'pull_request' }}
+      with:
+        payload: |
+          {
+            "text": "GitHub Actions Build Result: ${{ job.status }}\n triggered_by: ${{ github.actor }}\n job url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n commit url: ${{ github.event.head_commit.url }}"
+          }
+      env:
+        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
new file mode 100644
index 0000000..c6b5d30
--- /dev/null
+++ b/.github/workflows/pull_request.yml
@@ -0,0 +1,43 @@
+name: Test Docker Image Build
+
+on:
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    permissions:
+      actions: write
+      checks: write
+      contents: write
+      deployments: write
+      id-token: write
+      issues: write
+      pull-requests: write
+      security-events: write
+      statuses: write
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Set Docker Metadata
+      id: meta
+      uses: docker/metadata-action@v4
+      with:
+        images: nytimes/golang-gcloud-sdk
+        tags: |
+          type=raw,value=latest,enable={{is_default_branch}}
+          type=semver,pattern={{version}}
+          type=semver,pattern={{major}}.{{minor}}
+          type=semver,pattern={{major}}
+
+    - name: Build Image
+      uses: docker/build-push-action@v4
+      with:
+        context: .
+        platforms: linux/amd64
+        push: false
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}