[Feature] Build PRs, but don't deploy

[alexellis]

For this feature PRs would be built, but not deployed.

PRs and branches are currently skipped, but if unit tests are sufficient to validate a PR (they often can be), then this feature would allow for that.

Goals

Build and run CI for a PR, update its commit status

Non-goals

Do not push to a registry

A deployment pipeline for PRs is complicated since if the PR relies on secrets, we cannot give the author of the PR access to the real secret in the cluster, and we have no way for them to provide their own. An option for this feature, if really needed would be for the owner to add a label like "ok-to-test" (suggestion via @stefanprodan)

Technical changes

1. Determine the difference between a push event and a PR
2. Fork the code path to two different types of flow - "import secrets, build, push, deploy" and "simply build"
3. Fork the status updates to show build status vs deploy status.

[alexellis]

@Waterdrips thoughts on this?

[Waterdrips]

Depends on the discussions around the "build time secrets" work (i.e. pulling private NPM repos) - could we see a case where secrets can be leaked that way by writing a test that echos $ENV and therefore any secrets in there?