From 0fed8b45c2f84f38f0329c1c826d23a32333aea5 Mon Sep 17 00:00:00 2001 From: Pepijn Date: Mon, 20 Apr 2026 14:27:06 +0200 Subject: [PATCH] ci: gate Docker Hub login on secret availability Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/benchmark_tests.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/benchmark_tests.yml b/.github/workflows/benchmark_tests.yml index 0c64c159c..9b11c8c19 100644 --- a/.github/workflows/benchmark_tests.yml +++ b/.github/workflows/benchmark_tests.yml @@ -83,10 +83,13 @@ jobs: cache-binary: false - name: Login to Docker Hub + if: ${{ env.DOCKERHUB_USERNAME != '' }} uses: docker/login-action@v3 # zizmor: ignore[unpinned-uses] with: username: ${{ secrets.DOCKERHUB_LEROBOT_USERNAME }} password: ${{ secrets.DOCKERHUB_LEROBOT_PASSWORD }} + env: + DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_LEROBOT_USERNAME }} # Build the benchmark-specific image. The Dockerfile separates dep-install # from source-copy, so code-only changes skip the slow uv-sync layer @@ -238,10 +241,13 @@ jobs: cache-binary: false - name: Login to Docker Hub + if: ${{ env.DOCKERHUB_USERNAME != '' }} uses: docker/login-action@v3 # zizmor: ignore[unpinned-uses] with: username: ${{ secrets.DOCKERHUB_LEROBOT_USERNAME }} password: ${{ secrets.DOCKERHUB_LEROBOT_PASSWORD }} + env: + DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_LEROBOT_USERNAME }} - name: Build MetaWorld benchmark image uses: docker/build-push-action@v6 # zizmor: ignore[unpinned-uses] @@ -335,10 +341,13 @@ jobs: cache-binary: false - name: Login to Docker Hub + if: ${{ env.DOCKERHUB_USERNAME != '' }} uses: docker/login-action@v3 # zizmor: ignore[unpinned-uses] with: username: ${{ secrets.DOCKERHUB_LEROBOT_USERNAME }} password: ${{ secrets.DOCKERHUB_LEROBOT_PASSWORD }} + env: + DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_LEROBOT_USERNAME }} # Build the full-install image: SAPIEN, mplib, CuRobo, pytorch3d + # simulation assets (~4 GB). Layer cache lives in the runner's local