Update more workflows to only this repository (#4062)

* Update more workflows to only this repository This adds `if: github.repository == 'bytecodealliance/wasmtime'` to a few more workflows related to the release process which should only run in this repository and no other (e.g. forks). * Also only run verify-publish in the upstream repo No need for local deelopment to be burdened with ensuring everything is actually publish-able, that's just a concern for the main repository. * Gate workflows which need secrets on this repository
2022-04-21 11:45:48 -05:00
parent 5c2db166f1
commit 99e9e1395d
4 changed files with 6 additions and 2 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -113,7 +113,7 @@ jobs:
        GITHUB_DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
        BUILD_REPOSITORY_ID: ${{ github.repository }}
        BUILD_SOURCEVERSION: ${{ github.sha }}
-      if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+      if: github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'bytecodealliance/wasmtime'

  # Quick checks of various feature combinations and whether things
  # compile. The goal here isn't to run tests, mostly just serve as a
@@ -440,13 +440,14 @@ jobs:
    - run: cd .github/actions/github-release && npm install --production
    - name: Publish Release
      uses: ./.github/actions/github-release
-      if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
+      if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) && github.repository == 'bytecodealliance/wasmtime'
      with:
        files: "dist/*"
        token: ${{ secrets.GITHUB_TOKEN }}
      continue-on-error: true

  verify-publish:
+    if: github.repository == 'bytecodealliance/wasmtime'
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
--- a/.github/workflows/publish-to-cratesio.yml
+++ b/.github/workflows/publish-to-cratesio.yml
@@ -11,6 +11,7 @@ on:

 jobs:
  publish:
+    if: github.repository == 'bytecodealliance/wasmtime'
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
--- a/.github/workflows/push-tag.yml
+++ b/.github/workflows/push-tag.yml
@@ -14,6 +14,7 @@ on:

 jobs:
  push_tag:
+    if: github.repository == 'bytecodealliance/wasmtime'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
--- a/.github/workflows/release-process.yml
+++ b/.github/workflows/release-process.yml
@@ -34,6 +34,7 @@ on:

 jobs:
  release_process:
+    if: github.repository == 'bytecodealliance/wasmtime'
    name: Run the release process
    runs-on: ubuntu-latest
    steps: