From 99e9e1395d5d31f4121c8fa5d1d910bac4908006 Mon Sep 17 00:00:00 2001
From: Alex Crichton
Date: Thu, 21 Apr 2022 11:45:48 -0500
Subject: [PATCH] Update more workflows to only this repository (#4062)
* Update more workflows to only this repository
This adds `if: github.repository == 'bytecodealliance/wasmtime'` to a few more workflows related to the release process which should only run in this repository and no other (e.g. forks).
* Also only run verify-publish in the upstream repo
No need for local deelopment to be burdened with ensuring everything is actually publish-able, that's just a concern for the main repository.
* Gate workflows which need secrets on this repository
---
 .github/workflows/main.yml | 5 +++--
 .github/workflows/publish-to-cratesio.yml | 1 +
 .github/workflows/push-tag.yml | 1 +
 .github/workflows/release-process.yml | 1 +
 4 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index f6510297be..2e02c5f679 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -113,7 +113,7 @@ jobs:
 GITHUB_DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
 BUILD_REPOSITORY_ID: ${{ github.repository }}
 BUILD_SOURCEVERSION: ${{ github.sha }}
- if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+ if: github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'bytecodealliance/wasmtime'
 # Quick checks of various feature combinations and whether things
 # compile. The goal here isn't to run tests, mostly just serve as a
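Review bot: The `github.repository == 'bytecodealliance/wasmtime'` term appended to this step's `if:` has no comment saying why the step is upstream-only, and the same literal is repeated in the five other conditions this patch adds or extends (the Publish Release step and `verify-publish` in main.yml, and the `publish`, `push_tag` and `release_process` jobs). A one-line comment above the condition would record the intent next to the secret it relates to, e.g. `# Upstream only: forks do not inherit secrets.DEPLOY_KEY`. The step starts above the hunk, so only its `env:` entries and `if:` are visible here.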
@@ -440,13 +440,14 @@ jobs:
 - run: cd .github/actions/github-release && npm install --production
 - name: Publish Release
 uses: ./.github/actions/github-release
- if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
+ if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) && github.repository == 'bytecodealliance/wasmtime'
 with:
 files: "dist/*"
 token: ${{ secrets.GITHUB_TOKEN }}
 continue-on-error: true
 verify-publish:
+ if: github.repository == 'bytecodealliance/wasmtime'
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v2
diff --git a/.github/workflows/publish-to-cratesio.yml b/.github/workflows/publish-to-cratesio.yml
index 68bb056a0f..7fe1991f4e 100644
--- a/.github/workflows/publish-to-cratesio.yml
+++ b/.github/workflows/publish-to-cratesio.yml
@@ -11,6 +11,7 @@ on:
 jobs:
 publish:
+ if: github.repository == 'bytecodealliance/wasmtime'
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v2
diff --git a/.github/workflows/push-tag.yml b/.github/workflows/push-tag.yml
index cf896eacbf..97c67608fb 100644
--- a/.github/workflows/push-tag.yml
+++ b/.github/workflows/push-tag.yml
@@ -14,6 +14,7 @@ on:
 jobs:
 push_tag:
+ if: github.repository == 'bytecodealliance/wasmtime'
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v2
diff --git a/.github/workflows/release-process.yml b/.github/workflows/release-process.yml
index c9bc387f52..5c043b0525 100644
--- a/.github/workflows/release-process.yml
+++ b/.github/workflows/release-process.yml
@@ -34,6 +34,7 @@ on:
 jobs:
 release_process:
+ if: github.repository == 'bytecodealliance/wasmtime'
 name: Run the release process
 runs-on: ubuntu-latest
 steps:
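Review bot: The job-level `if:` added to `publish` in publish-to-cratesio.yml tests only the repository name, so it limits where the job runs but says nothing about which event started it; on a pull request opened from a fork, `github.repository` still evaluates to `bytecodealliance/wasmtime`. The `on:` block lies above the hunk, so the triggers cannot be checked from here. If they are limited to pushes, tags or manual dispatch the gate is sufficient, and a comment would make that reliance visible, e.g. `# Fork guard only; which events may reach any publishing secret is decided by the triggers in on: above`. The `push_tag` and `release_process` jobs in the next two hunks receive the same one-line gate, and the same comment would fit there.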