NixiN/ssh-agent-action
2
0
Fork 0
mirror of https://github.com/webfactory/ssh-agent.git synced 2024-11-21 16:50:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

CI: don't run secret-requiring CI jobs on pull requests from forks

Browse source
This commit is contained in:
Dilum Aluthge 2023-01-27 22:36:37 -05:00
parent 9fbc246995
commit 794084c865
1 changed files with 22 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
.github/workflows/demo.yml vendored
View file

@ -7,6 +7,17 @@ jobs:
matrix:
os: [ ubuntu-latest, macOS-latest, windows-latest ]
runs-on: ${{ matrix.os }}
# This job requires some GitHub Secrets. For security reasons, GitHub Secrets are not available
# if the pull request was made from a fork. Therefore, we only run this job if either of the
# following are true:
# 1. This is not a pull request.
# 2. This is a pull request, and the pull request was NOT made from a fork.
# In particular, we do NOT run this job if this is a pull request, and the pull request WAS
# made from a fork.
#
# The `(github.event_name != 'pull_request')` means "if this isn't a pull request".
# The `(github.repository == github.event.pull_request.head.repo.full_name)` means "the pull request is NOT made from a fork".
if: (github.event_name != 'pull_request') || (github.repository == github.event.pull_request.head.repo.full_name)
steps:
- uses: actions/checkout@v3
- name: Setup key
@ -27,6 +38,17 @@ jobs:
runs-on: ubuntu-latest
container:
image: ubuntu:latest
# This job requires some GitHub Secrets. For security reasons, GitHub Secrets are not available
# if the pull request was made from a fork. Therefore, we only run this job if either of the
# following are true:
# 1. This is not a pull request.
# 2. This is a pull request, and the pull request was NOT made from a fork.
# In particular, we do NOT run this job if this is a pull request, and the pull request WAS
# made from a fork.
#
# The `(github.event_name != 'pull_request')` means "if this isn't a pull request".
# The `(github.repository == github.event.pull_request.head.repo.full_name)` means "the pull request is NOT made from a fork".
if: (github.event_name != 'pull_request') || (github.repository == github.event.pull_request.head.repo.full_name)
steps:
- uses: actions/checkout@v3
- run: apt update && apt install -y openssh-client git
@ -43,4 +65,3 @@ jobs:
git clone https://github.com/mpdude/test-2.git test-2-http
git clone git@github.com:mpdude/test-2.git test-2-git
git clone ssh://git@github.com/mpdude/test-2.git test-2-git-ssh