From 1d28e084545c3d9eab4e3e9d6051812d8738e7d8 Mon Sep 17 00:00:00 2001 From: Madison Swain-Bowden Date: Thu, 8 Feb 2024 13:24:13 -0800 Subject: [PATCH 1/2] Prevent running certain workflows on forks --- .github/workflows/generate_pot.yml | 1 + .github/workflows/issue_automations.yml | 1 + .github/workflows/label_sync.yml | 1 + .github/workflows/pr_automations.yml | 1 + .github/workflows/pr_automations_init.yml | 1 + .github/workflows/pr_ping.yml | 3 ++- .github/workflows/project_thread_update_reminders.yml | 1 + .github/workflows/release-app.yml | 1 + .github/workflows/renovate.yml | 2 +- .github/workflows/subscribe_to_label.yml | 1 + .github/workflows/sync_meta.yml | 1 + .github/workflows/weekly_updates.yml | 1 + 12 files changed, 13 insertions(+), 2 deletions(-) diff --git a/.github/workflows/generate_pot.yml b/.github/workflows/generate_pot.yml index 0d7b7e3c2e8..efa375d610d 100644 --- a/.github/workflows/generate_pot.yml +++ b/.github/workflows/generate_pot.yml @@ -16,6 +16,7 @@ jobs: generate-pot: name: Generate POT file runs-on: ubuntu-latest + if: github.repository_owner == 'WordPress' steps: - name: Checkout repository uses: actions/checkout@v4 diff --git a/.github/workflows/issue_automations.yml b/.github/workflows/issue_automations.yml index fd6fefbfcf7..bdc5e2eadfe 100644 --- a/.github/workflows/issue_automations.yml +++ b/.github/workflows/issue_automations.yml @@ -18,6 +18,7 @@ jobs: run: name: Perform issue automations runs-on: ubuntu-latest + if: github.repository_owner == 'WordPress' steps: - name: Checkout repository uses: actions/checkout@v4 diff --git a/.github/workflows/label_sync.yml b/.github/workflows/label_sync.yml index d4d3710faea..738f5e6c1a8 100644 --- a/.github/workflows/label_sync.yml +++ b/.github/workflows/label_sync.yml @@ -10,6 +10,7 @@ jobs: sync_labels: name: Sync labels runs-on: ubuntu-latest + if: github.repository_owner == 'WordPress' steps: - name: Checkout repository uses: actions/checkout@v4 diff --git a/.github/workflows/pr_automations.yml b/.github/workflows/pr_automations.yml index bfc8c0e6c1b..76bd4af51e5 100644 --- a/.github/workflows/pr_automations.yml +++ b/.github/workflows/pr_automations.yml @@ -33,6 +33,7 @@ jobs: run: name: Perform PR automations runs-on: ubuntu-latest + if: github.repository_owner == 'WordPress' steps: - name: Checkout repository uses: actions/checkout@v4 diff --git a/.github/workflows/pr_automations_init.yml b/.github/workflows/pr_automations_init.yml index acae02e9253..2fbd2cb440d 100644 --- a/.github/workflows/pr_automations_init.yml +++ b/.github/workflows/pr_automations_init.yml @@ -34,6 +34,7 @@ jobs: run: name: Save event info runs-on: ubuntu-latest + if: github.repository_owner == 'WordPress' steps: - name: Save event info run: | diff --git a/.github/workflows/pr_ping.yml b/.github/workflows/pr_ping.yml index 9bc827f86f6..f2ca92428da 100644 --- a/.github/workflows/pr_ping.yml +++ b/.github/workflows/pr_ping.yml @@ -12,7 +12,8 @@ jobs: name: Send Slack message if: | github.actor != 'dependabot[bot]' && - !startsWith(github.event.pull_request.title, '🔄') + !startsWith(github.event.pull_request.title, '🔄') && + github.repository_owner == 'WordPress' runs-on: ubuntu-latest env: pr_url: ${{ github.event.pull_request.html_url }} diff --git a/.github/workflows/project_thread_update_reminders.yml b/.github/workflows/project_thread_update_reminders.yml index 9d3c8319b60..a6f8efe7a5a 100644 --- a/.github/workflows/project_thread_update_reminders.yml +++ b/.github/workflows/project_thread_update_reminders.yml @@ -8,6 +8,7 @@ on: jobs: send-reminders: runs-on: ubuntu-latest + if: github.repository_owner == 'WordPress' steps: - uses: actions/checkout@v4 - uses: actions/github-script@v6 diff --git a/.github/workflows/release-app.yml b/.github/workflows/release-app.yml index 762b5955f5d..6439159e983 100644 --- a/.github/workflows/release-app.yml +++ b/.github/workflows/release-app.yml @@ -23,6 +23,7 @@ jobs: release-app: name: Release app runs-on: ubuntu-latest + if: github.repository_owner == 'WordPress' permissions: # Needed to create the GitHub release on the repo contents: write diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml index d10eeda76dd..41155032528 100644 --- a/.github/workflows/renovate.yml +++ b/.github/workflows/renovate.yml @@ -28,7 +28,7 @@ env: jobs: renovate: runs-on: ubuntu-latest - if: github.repository == 'WordPress/openverse' + if: github.repository_owner == 'WordPress' steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/subscribe_to_label.yml b/.github/workflows/subscribe_to_label.yml index 06c5de46eae..686d22dff52 100644 --- a/.github/workflows/subscribe_to_label.yml +++ b/.github/workflows/subscribe_to_label.yml @@ -8,6 +8,7 @@ on: jobs: subscribe: runs-on: ubuntu-latest + if: github.repository_owner == 'WordPress' steps: - uses: bytecodealliance/subscribe-to-label-action@v1 with: diff --git a/.github/workflows/sync_meta.yml b/.github/workflows/sync_meta.yml index 5ca5d35fbb3..3594a032036 100644 --- a/.github/workflows/sync_meta.yml +++ b/.github/workflows/sync_meta.yml @@ -16,6 +16,7 @@ jobs: sync_meta: name: Sync meta files runs-on: ubuntu-latest + if: github.repository_owner == 'WordPress' steps: - name: Checkout repository uses: actions/checkout@v4 diff --git a/.github/workflows/weekly_updates.yml b/.github/workflows/weekly_updates.yml index b39018d7c39..825ba16bbcc 100644 --- a/.github/workflows/weekly_updates.yml +++ b/.github/workflows/weekly_updates.yml @@ -15,6 +15,7 @@ jobs: make_post: name: Create post on Make site runs-on: ubuntu-latest + if: github.repository_owner == 'WordPress' steps: - name: Checkout repository uses: actions/checkout@v4 From 6837fb768636d48e14402d028a56ca21861e16ac Mon Sep 17 00:00:00 2001 From: Madison Swain-Bowden Date: Fri, 9 Feb 2024 07:34:37 -0800 Subject: [PATCH 2/2] Add a comment for the expression --- .github/workflows/generate_pot.yml | 1 + .github/workflows/issue_automations.yml | 1 + .github/workflows/label_sync.yml | 1 + .github/workflows/pr_automations.yml | 1 + .github/workflows/pr_automations_init.yml | 1 + .github/workflows/pr_ping.yml | 2 ++ .github/workflows/project_thread_update_reminders.yml | 1 + .github/workflows/release-app.yml | 1 + .github/workflows/renovate.yml | 1 + .github/workflows/subscribe_to_label.yml | 1 + .github/workflows/sync_meta.yml | 1 + .github/workflows/weekly_updates.yml | 1 + 12 files changed, 13 insertions(+) diff --git a/.github/workflows/generate_pot.yml b/.github/workflows/generate_pot.yml index efa375d610d..b1af0babeef 100644 --- a/.github/workflows/generate_pot.yml +++ b/.github/workflows/generate_pot.yml @@ -16,6 +16,7 @@ jobs: generate-pot: name: Generate POT file runs-on: ubuntu-latest + # Prevent running this workflow on forks, it's unnecessary for external contributors if: github.repository_owner == 'WordPress' steps: - name: Checkout repository diff --git a/.github/workflows/issue_automations.yml b/.github/workflows/issue_automations.yml index bdc5e2eadfe..3e0a6678174 100644 --- a/.github/workflows/issue_automations.yml +++ b/.github/workflows/issue_automations.yml @@ -18,6 +18,7 @@ jobs: run: name: Perform issue automations runs-on: ubuntu-latest + # Prevent running this workflow on forks, it's unnecessary for external contributors if: github.repository_owner == 'WordPress' steps: - name: Checkout repository diff --git a/.github/workflows/label_sync.yml b/.github/workflows/label_sync.yml index 738f5e6c1a8..fae7b762019 100644 --- a/.github/workflows/label_sync.yml +++ b/.github/workflows/label_sync.yml @@ -10,6 +10,7 @@ jobs: sync_labels: name: Sync labels runs-on: ubuntu-latest + # Prevent running this workflow on forks, it's unnecessary for external contributors if: github.repository_owner == 'WordPress' steps: - name: Checkout repository diff --git a/.github/workflows/pr_automations.yml b/.github/workflows/pr_automations.yml index 76bd4af51e5..4e67624fad9 100644 --- a/.github/workflows/pr_automations.yml +++ b/.github/workflows/pr_automations.yml @@ -33,6 +33,7 @@ jobs: run: name: Perform PR automations runs-on: ubuntu-latest + # Prevent running this workflow on forks, it's unnecessary for external contributors if: github.repository_owner == 'WordPress' steps: - name: Checkout repository diff --git a/.github/workflows/pr_automations_init.yml b/.github/workflows/pr_automations_init.yml index 2fbd2cb440d..e54540b5699 100644 --- a/.github/workflows/pr_automations_init.yml +++ b/.github/workflows/pr_automations_init.yml @@ -34,6 +34,7 @@ jobs: run: name: Save event info runs-on: ubuntu-latest + # Prevent running this workflow on forks, it's unnecessary for external contributors if: github.repository_owner == 'WordPress' steps: - name: Save event info diff --git a/.github/workflows/pr_ping.yml b/.github/workflows/pr_ping.yml index f2ca92428da..b48eecfc5ba 100644 --- a/.github/workflows/pr_ping.yml +++ b/.github/workflows/pr_ping.yml @@ -10,6 +10,8 @@ on: jobs: send_message: name: Send Slack message + # Prevent running this workflow on forks, it's unnecessary for external contributors + # Also prevent running this for bot-related PRs if: | github.actor != 'dependabot[bot]' && !startsWith(github.event.pull_request.title, '🔄') && diff --git a/.github/workflows/project_thread_update_reminders.yml b/.github/workflows/project_thread_update_reminders.yml index a6f8efe7a5a..293d780bd41 100644 --- a/.github/workflows/project_thread_update_reminders.yml +++ b/.github/workflows/project_thread_update_reminders.yml @@ -8,6 +8,7 @@ on: jobs: send-reminders: runs-on: ubuntu-latest + # Prevent running this workflow on forks, it's unnecessary for external contributors if: github.repository_owner == 'WordPress' steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/release-app.yml b/.github/workflows/release-app.yml index 6439159e983..eea0a3fbd92 100644 --- a/.github/workflows/release-app.yml +++ b/.github/workflows/release-app.yml @@ -23,6 +23,7 @@ jobs: release-app: name: Release app runs-on: ubuntu-latest + # Prevent running this workflow on forks, it's unnecessary for external contributors if: github.repository_owner == 'WordPress' permissions: # Needed to create the GitHub release on the repo diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml index 41155032528..88b06b2d134 100644 --- a/.github/workflows/renovate.yml +++ b/.github/workflows/renovate.yml @@ -28,6 +28,7 @@ env: jobs: renovate: runs-on: ubuntu-latest + # Prevent running this workflow on forks, it's unnecessary for external contributors if: github.repository_owner == 'WordPress' steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/subscribe_to_label.yml b/.github/workflows/subscribe_to_label.yml index 686d22dff52..a2b9b0aca3d 100644 --- a/.github/workflows/subscribe_to_label.yml +++ b/.github/workflows/subscribe_to_label.yml @@ -8,6 +8,7 @@ on: jobs: subscribe: runs-on: ubuntu-latest + # Prevent running this workflow on forks, it's unnecessary for external contributors if: github.repository_owner == 'WordPress' steps: - uses: bytecodealliance/subscribe-to-label-action@v1 diff --git a/.github/workflows/sync_meta.yml b/.github/workflows/sync_meta.yml index 3594a032036..06d54caa360 100644 --- a/.github/workflows/sync_meta.yml +++ b/.github/workflows/sync_meta.yml @@ -16,6 +16,7 @@ jobs: sync_meta: name: Sync meta files runs-on: ubuntu-latest + # Prevent running this workflow on forks, it's unnecessary for external contributors if: github.repository_owner == 'WordPress' steps: - name: Checkout repository diff --git a/.github/workflows/weekly_updates.yml b/.github/workflows/weekly_updates.yml index 825ba16bbcc..6c52d0aee26 100644 --- a/.github/workflows/weekly_updates.yml +++ b/.github/workflows/weekly_updates.yml @@ -15,6 +15,7 @@ jobs: make_post: name: Create post on Make site runs-on: ubuntu-latest + # Prevent running this workflow on forks, it's unnecessary for external contributors if: github.repository_owner == 'WordPress' steps: - name: Checkout repository