From f9f45b4ba4a59e886b3d1fe7da24d2a44dbeff04 Mon Sep 17 00:00:00 2001 From: zhzhuang-zju Date: Mon, 9 Dec 2024 17:41:45 +0800 Subject: [PATCH] prevent some jobs running from forked repository Signed-off-by: zhzhuang-zju --- .github/workflows/dockerhub-released-chart.yml | 4 ++++ .github/workflows/dockerhub-released-image.yml | 4 ++++ .github/workflows/release.yml | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/.github/workflows/dockerhub-released-chart.yml b/.github/workflows/dockerhub-released-chart.yml index bd8fe2c19d7a..a08091fb5b5d 100644 --- a/.github/workflows/dockerhub-released-chart.yml +++ b/.github/workflows/dockerhub-released-chart.yml @@ -9,6 +9,10 @@ jobs: publish-chart-to-dockerhub: name: publish to DockerHub runs-on: ubuntu-22.04 + # prevent job running from forked repository, otherwise + # 1. running on the forked repository would fail as missing necessary secret. + # 2. running on the forked repository would use unnecessary GitHub Action time. + if: ${{ github.repository == 'karmada-io/karmada' }} steps: - name: checkout code uses: actions/checkout@v4 diff --git a/.github/workflows/dockerhub-released-image.yml b/.github/workflows/dockerhub-released-image.yml index b1ff45d78dfc..78f34169dcc8 100644 --- a/.github/workflows/dockerhub-released-image.yml +++ b/.github/workflows/dockerhub-released-image.yml @@ -8,6 +8,10 @@ permissions: jobs: publish-image-to-dockerhub: name: publish to DockerHub + # prevent job running from forked repository, otherwise + # 1. running on the forked repository would fail as missing necessary secret. + # 2. running on the forked repository would use unnecessary GitHub Action time. + if: ${{ github.repository == 'karmada-io/karmada' }} permissions: id-token: write # To be able to get OIDC ID token to sign images. strategy: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7ec590721162..b7642b24b282 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -206,6 +206,10 @@ jobs: GH_TOKEN: ${{ github.token }} needs: - release-assests + # prevent job running from forked repository, otherwise + # 1. running on the forked repository would use unnecessary GitHub Action time. + # 2. running on the forked repository would open a PR to publish an inaccurate version of karmada in repo kubernetes-sigs/krew-index. + if: ${{ github.repository == 'karmada-io/karmada' }} name: Update krew-index runs-on: ubuntu-22.04 steps: