CI: support run docker build/test on PR

Enable both docker-cbdb-build-containers and docker-cbdb-test-containers
workflows to run on pull_request when files under their respective Docker
paths change.

Main changes:
* Add pull_request triggers with path filters:
 - build: devops/deploy/docker/build/**
 - test: devops/deploy/docker/test/**

Guard Docker hub login and multi-arch push steps so they run only push
to refs/heads/main.

Author: tuhaihe

.github/workflows/docker-cbdb-build-containers.yml

@@ -61,6 +61,9 @@ on:
       - 'devops/deploy/docker/build/rocky8/**'
       - 'devops/deploy/docker/build/rocky9/**'
       - 'devops/deploy/docker/build/ubuntu22.04/**'
+  pull_request:
+    paths:
+      - 'devops/deploy/docker/build/**'
   workflow_dispatch:  # Manual trigger
 
 # Prevent multiple workflow runs from interfering with each other
@@ -116,7 +119,7 @@ jobs:
       # Login to DockerHub for pushing images
       # Requires DOCKERHUB_USER and DOCKERHUB_TOKEN secrets to be set
       - name: Login to Docker Hub
-        if: ${{ steps.platform-filter.outputs[matrix.platform] == 'true' }}
+        if: ${{ steps.platform-filter.outputs[matrix.platform] == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USER }}
@@ -165,7 +168,7 @@ jobs:
       # Build and push multi-architecture images
       # This creates a manifest list that supports both architectures
       - name: Build and Push Multi-arch Docker images
-        if: ${{ steps.platform-filter.outputs[matrix.platform] == 'true' }}
+        if: ${{ steps.platform-filter.outputs[matrix.platform] == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
         uses: docker/build-push-action@v6
         with:
           context: ./devops/deploy/docker/build/${{ matrix.platform }}
@@ -187,6 +190,18 @@ jobs:
       - name: Build Summary
         if: always()
         run: |
+          # Add PR context notification
+          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
+            echo "#### ℹ️  Pull Request Build" >> $GITHUB_STEP_SUMMARY
+            echo "This is a validation build. Images are built and tested locally but **not pushed to Docker Hub** for security." >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "- ✅ Dockerfile syntax validated" >> $GITHUB_STEP_SUMMARY
+            echo "- ✅ Multi-architecture builds tested" >> $GITHUB_STEP_SUMMARY
+            echo "- ✅ TestInfra tests executed" >> $GITHUB_STEP_SUMMARY
+            echo "- ⏭️  Docker Hub push skipped (requires main branch)" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+          fi
+
           echo "### Build Summary for ${{ matrix.platform }} 🚀" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "#### 🔍 Build Information" >> $GITHUB_STEP_SUMMARY

.github/workflows/docker-cbdb-test-containers.yml

@@ -50,6 +50,9 @@ on:
       - 'devops/deploy/docker/test/rocky8/**'
       - 'devops/deploy/docker/test/rocky9/**'
       - 'devops/deploy/docker/test/ubuntu22.04/**'
+  pull_request:
+    paths:
+      - 'devops/deploy/docker/test/**'
   workflow_dispatch:  # Manual trigger
 
 # Prevent multiple workflow runs from interfering with each other
@@ -104,7 +107,7 @@ jobs:
 
       # Login to DockerHub for pushing images
       - name: Login to Docker Hub
-        if: ${{ steps.platform-filter.outputs[matrix.platform] == 'true' }}
+        if: ${{ steps.platform-filter.outputs[matrix.platform] == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USER }}
@@ -135,7 +138,7 @@ jobs:
       # Build and push multi-architecture images
       # Creates a manifest list that supports both architectures
       - name: Build and Push Multi-arch Docker images
-        if: ${{ steps.platform-filter.outputs[matrix.platform] == 'true' }}
+        if: ${{ steps.platform-filter.outputs[matrix.platform] == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
         uses: docker/build-push-action@v6
         with:
           context: ./devops/deploy/docker/test/${{ matrix.platform }}
@@ -161,6 +164,17 @@ jobs:
       - name: Build Summary
         if: always()
         run: |
+          # Add PR context notification
+          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
+            echo "#### ℹ️  Pull Request Build" >> $GITHUB_STEP_SUMMARY
+            echo "This is a validation build. Images are built and tested locally but **not pushed to Docker Hub** for security." >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "- ✅ Dockerfile syntax validated" >> $GITHUB_STEP_SUMMARY
+            echo "- ✅ Multi-architecture builds tested" >> $GITHUB_STEP_SUMMARY
+            echo "- ⏭️  Docker Hub push skipped (requires main branch)" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+          fi
+
           echo "### Build Summary for ${{ matrix.platform }} 🚀" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "#### 🔍 Build Information" >> $GITHUB_STEP_SUMMARY