From 0a77cffcb95a7b523da18b263078fa6e188eff6c Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen <jkukkonen@google.com>
Date: Fri, 17 Mar 2023 15:41:12 +0200
Subject: [PATCH] CI: limit kms test runs to upstream repo

* tests can only pass if the KMS allows the repository to authenticate
* even the failure will fail on a fresh clone as the issue filing fails
  by default (as issues are not enabled)
---
 .github/workflows/test-kms.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/test-kms.yml b/.github/workflows/test-kms.yml
index e425b897..bc7087ae 100644
--- a/.github/workflows/test-kms.yml
+++ b/.github/workflows/test-kms.yml
@@ -9,6 +9,7 @@ permissions: {}
 jobs:
   test-kms:
     runs-on: ubuntu-latest
+    if: github.repository_owner == 'secure-systems-lab' # only run upstream
 
     permissions:
       id-token: 'write' # for OIDC auth for GCP authentication