From 5a31ae8ea0a3c0178ad8ee155c420412d18ae2bd Mon Sep 17 00:00:00 2001
From: Dianjin Wang <wangdianjin@gmail.com>
Date: Mon, 20 Oct 2025 14:55:14 +0800
Subject: [PATCH 1/2] CI: support run docker build/test on PR

Enable both docker-cbdb-build-containers and docker-cbdb-test-containers
workflows to run on pull_request when files under their respective Docker
paths change.

Main changes:
* Add pull_request triggers with path filters:
 - build: devops/deploy/docker/build/**
 - test: devops/deploy/docker/test/**

Guard Docker hub login and multi-arch push steps so they run only push
to refs/heads/main.
---
 .github/workflows/docker-cbdb-build-containers.yml | 7 +++++--
 .github/workflows/docker-cbdb-test-containers.yml  | 7 +++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/docker-cbdb-build-containers.yml b/.github/workflows/docker-cbdb-build-containers.yml
index 62973613a48..4080c1fa403 100644
--- a/.github/workflows/docker-cbdb-build-containers.yml
+++ b/.github/workflows/docker-cbdb-build-containers.yml
@@ -61,6 +61,9 @@ on:
       - 'devops/deploy/docker/build/rocky8/**'
       - 'devops/deploy/docker/build/rocky9/**'
       - 'devops/deploy/docker/build/ubuntu22.04/**'
+  pull_request:
+    paths:
+      - 'devops/deploy/docker/build/**'
   workflow_dispatch:  # Manual trigger
 
 # Prevent multiple workflow runs from interfering with each other
@@ -116,7 +119,7 @@ jobs:
       # Login to DockerHub for pushing images
       # Requires DOCKERHUB_USER and DOCKERHUB_TOKEN secrets to be set
       - name: Login to Docker Hub
-        if: ${{ steps.platform-filter.outputs[matrix.platform] == 'true' }}
+        if: ${{ steps.platform-filter.outputs[matrix.platform] == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USER }}
@@ -165,7 +168,7 @@ jobs:
       # Build and push multi-architecture images
       # This creates a manifest list that supports both architectures
       - name: Build and Push Multi-arch Docker images
-        if: ${{ steps.platform-filter.outputs[matrix.platform] == 'true' }}
+        if: ${{ steps.platform-filter.outputs[matrix.platform] == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
         uses: docker/build-push-action@v6
         with:
           context: ./devops/deploy/docker/build/${{ matrix.platform }}
diff --git a/.github/workflows/docker-cbdb-test-containers.yml b/.github/workflows/docker-cbdb-test-containers.yml
index 57d8819bcd3..2f3f0c14203 100644
--- a/.github/workflows/docker-cbdb-test-containers.yml
+++ b/.github/workflows/docker-cbdb-test-containers.yml
@@ -50,6 +50,9 @@ on:
       - 'devops/deploy/docker/test/rocky8/**'
       - 'devops/deploy/docker/test/rocky9/**'
       - 'devops/deploy/docker/test/ubuntu22.04/**'
+  pull_request:
+    paths:
+      - 'devops/deploy/docker/test/**'
   workflow_dispatch:  # Manual trigger
 
 # Prevent multiple workflow runs from interfering with each other
@@ -104,7 +107,7 @@ jobs:
 
       # Login to DockerHub for pushing images
       - name: Login to Docker Hub
-        if: ${{ steps.platform-filter.outputs[matrix.platform] == 'true' }}
+        if: ${{ steps.platform-filter.outputs[matrix.platform] == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USER }}
@@ -135,7 +138,7 @@ jobs:
       # Build and push multi-architecture images
       # Creates a manifest list that supports both architectures
       - name: Build and Push Multi-arch Docker images
-        if: ${{ steps.platform-filter.outputs[matrix.platform] == 'true' }}
+        if: ${{ steps.platform-filter.outputs[matrix.platform] == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
         uses: docker/build-push-action@v6
         with:
           context: ./devops/deploy/docker/test/${{ matrix.platform }}

From 513b0ef15d9e1c35e5cd94a550dedf839b057b71 Mon Sep 17 00:00:00 2001
From: Dianjin Wang <wangdianjin@gmail.com>
Date: Wed, 29 Oct 2025 15:07:16 +0800
Subject: [PATCH 2/2] Add PR context notification to the Summary

---
 .github/workflows/docker-cbdb-build-containers.yml | 12 ++++++++++++
 .github/workflows/docker-cbdb-test-containers.yml  | 11 +++++++++++
 2 files changed, 23 insertions(+)

diff --git a/.github/workflows/docker-cbdb-build-containers.yml b/.github/workflows/docker-cbdb-build-containers.yml
index 4080c1fa403..1b13e9ff3f4 100644
--- a/.github/workflows/docker-cbdb-build-containers.yml
+++ b/.github/workflows/docker-cbdb-build-containers.yml
@@ -190,6 +190,18 @@ jobs:
       - name: Build Summary
         if: always()
         run: |
+          # Add PR context notification
+          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
+            echo "#### ℹ️  Pull Request Build" >> $GITHUB_STEP_SUMMARY
+            echo "This is a validation build. Images are built and tested locally but **not pushed to Docker Hub** for security." >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "- ✅ Dockerfile syntax validated" >> $GITHUB_STEP_SUMMARY
+            echo "- ✅ Multi-architecture builds tested" >> $GITHUB_STEP_SUMMARY
+            echo "- ✅ TestInfra tests executed" >> $GITHUB_STEP_SUMMARY
+            echo "- ⏭️  Docker Hub push skipped (requires main branch)" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+          fi
+
           echo "### Build Summary for ${{ matrix.platform }} 🚀" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "#### 🔍 Build Information" >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/docker-cbdb-test-containers.yml b/.github/workflows/docker-cbdb-test-containers.yml
index 2f3f0c14203..fcee6fa41b6 100644
--- a/.github/workflows/docker-cbdb-test-containers.yml
+++ b/.github/workflows/docker-cbdb-test-containers.yml
@@ -164,6 +164,17 @@ jobs:
       - name: Build Summary
         if: always()
         run: |
+          # Add PR context notification
+          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
+            echo "#### ℹ️  Pull Request Build" >> $GITHUB_STEP_SUMMARY
+            echo "This is a validation build. Images are built and tested locally but **not pushed to Docker Hub** for security." >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "- ✅ Dockerfile syntax validated" >> $GITHUB_STEP_SUMMARY
+            echo "- ✅ Multi-architecture builds tested" >> $GITHUB_STEP_SUMMARY
+            echo "- ⏭️  Docker Hub push skipped (requires main branch)" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+          fi
+
           echo "### Build Summary for ${{ matrix.platform }} 🚀" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "#### 🔍 Build Information" >> $GITHUB_STEP_SUMMARY