diff --git a/.github/workflows/assign.yml b/.github/workflows/assign.yml index 3ed6bf4fba..ac24417653 100644 --- a/.github/workflows/assign.yml +++ b/.github/workflows/assign.yml @@ -7,7 +7,10 @@ on: jobs: assign: # Only run on issue comments (not PR comments) - if: "!github.event.issue.pull_request && contains(github.event.comment.body, '/assign')" + if: | + !github.event.issue.pull_request && + contains(github.event.comment.body, '/assign') && + github.repository == 'podman-container-tools/podman' runs-on: ubuntu-latest permissions: issues: write diff --git a/.github/workflows/cherry-pick.yml b/.github/workflows/cherry-pick.yml index 3460f3d2f7..c31a2eed87 100644 --- a/.github/workflows/cherry-pick.yml +++ b/.github/workflows/cherry-pick.yml @@ -11,7 +11,8 @@ jobs: if: | github.event_name == 'issue_comment' && github.event.issue.pull_request && - contains(github.event.comment.body, '/cherry-pick ') + contains(github.event.comment.body, '/cherry-pick ') && + github.repository == 'podman-container-tools/podman' runs-on: ubuntu-latest permissions: contents: write @@ -194,7 +195,8 @@ jobs: cherry-pick-on-merge: if: | github.event_name == 'pull_request' && - github.event.pull_request.merged == true + github.event.pull_request.merged == true && + github.repository == 'podman-container-tools/podman' runs-on: ubuntu-latest permissions: contents: write diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c808aaeb77..133da019e3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,6 +19,7 @@ concurrency: jobs: path-filter: runs-on: ubuntu-latest + if: github.repository == 'podman-container-tools/podman' outputs: all: ${{ steps.filter.outputs.all }} code: ${{ steps.filter.outputs.code }} @@ -46,6 +47,7 @@ jobs: validate-source: name: Validate source code changes runs-on: cncf-ubuntu-8-32-x86 + if: github.repository == 'podman-container-tools/podman' permissions: pull-requests: read # For hack/ci/pr-should-include-tests to query PR labels. env: @@ -183,6 +185,7 @@ jobs: build-alt: name: Cross Build (Linux, FreeBSD) runs-on: cncf-ubuntu-16-64-x86 + if: github.repository == 'podman-container-tools/podman' steps: - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: @@ -196,6 +199,7 @@ jobs: build: name: build ${{ matrix.distro }} + if: github.repository == 'podman-container-tools/podman' strategy: fail-fast: false matrix: @@ -210,6 +214,7 @@ jobs: windows-installer: name: windows installer ${{ matrix.provider }} runs-on: windows-2025-vs2026 + if: github.repository == 'podman-container-tools/podman' timeout-minutes: 20 permissions: contents: read @@ -285,6 +290,7 @@ jobs: macos-installer: name: macos installer runs-on: macos-26 + if: github.repository == 'podman-container-tools/podman' timeout-minutes: 15 steps: - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 diff --git a/.github/workflows/dev-bump.yml b/.github/workflows/dev-bump.yml index 2ad1bc4fe8..6452a7f568 100644 --- a/.github/workflows/dev-bump.yml +++ b/.github/workflows/dev-bump.yml @@ -8,6 +8,7 @@ permissions: {} jobs: bump: + if: github.repository == 'podman-container-tools/podman' name: Bump to -dev runs-on: ubuntu-latest permissions: diff --git a/.github/workflows/first_contrib_cert_generator.yml b/.github/workflows/first_contrib_cert_generator.yml index 383cc267a0..7da6abe060 100644 --- a/.github/workflows/first_contrib_cert_generator.yml +++ b/.github/workflows/first_contrib_cert_generator.yml @@ -22,7 +22,12 @@ jobs: screenshot_and_comment: # This job runs if the PR was merged or if it's a manual trigger. # The logic for first-time contributors is handled in a dedicated step below. - if: ${{ github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true }} + if: | + ( + github.event_name == 'workflow_dispatch' || + github.event.pull_request.merged == true + ) && + github.repository == 'podman-container-tools/podman' runs-on: ubuntu-latest permissions: contents: read # Write access for certificate storage diff --git a/.github/workflows/issue-labeler.yml b/.github/workflows/issue-labeler.yml index 12f2a59576..895527e863 100644 --- a/.github/workflows/issue-labeler.yml +++ b/.github/workflows/issue-labeler.yml @@ -8,6 +8,7 @@ permissions: jobs: triage: + if: github.repository == 'podman-container-tools/podman' permissions: contents: read # for github/issue-labeler to get repo contents issues: write # for github/issue-labeler to create or remove labels diff --git a/.github/workflows/issue_pr_lock.yml b/.github/workflows/issue_pr_lock.yml index 303eb48a07..b379bd8339 100644 --- a/.github/workflows/issue_pr_lock.yml +++ b/.github/workflows/issue_pr_lock.yml @@ -45,6 +45,7 @@ env: jobs: manage_locking: + if: github.repository == 'podman-container-tools/podman' runs-on: ubuntu-latest permissions: issues: write diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 8d3f141f30..22d7cba627 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -7,6 +7,7 @@ permissions: {} jobs: triage: + if: github.repository == 'podman-container-tools/podman' permissions: contents: read pull-requests: write diff --git a/.github/workflows/machine-os-pr.yml b/.github/workflows/machine-os-pr.yml index d216afd3cb..d2524c61e5 100644 --- a/.github/workflows/machine-os-pr.yml +++ b/.github/workflows/machine-os-pr.yml @@ -14,6 +14,7 @@ concurrency: jobs: podman-image-build-pr: + if: github.repository == 'podman-container-tools/podman' name: Open PR on podman-machine-os runs-on: ubuntu-latest permissions: diff --git a/.github/workflows/needs-info-labeler.yaml b/.github/workflows/needs-info-labeler.yaml index aa048b27f5..da4236686b 100644 --- a/.github/workflows/needs-info-labeler.yaml +++ b/.github/workflows/needs-info-labeler.yaml @@ -8,7 +8,9 @@ permissions: {} jobs: add-comment: - if: github.event.label.name == 'needs-info' + if: | + github.event.label.name == 'needs-info' && + github.repository == 'podman-container-tools/podman' runs-on: ubuntu-latest permissions: issues: write diff --git a/.github/workflows/release-build-artifacts.yml b/.github/workflows/release-build-artifacts.yml index 232163489f..e7b0d2b3c9 100644 --- a/.github/workflows/release-build-artifacts.yml +++ b/.github/workflows/release-build-artifacts.yml @@ -49,6 +49,7 @@ jobs: build-artifacts: name: Build Artifacts runs-on: ubuntu-latest + if: github.repository == 'podman-container-tools/podman' outputs: version_display: ${{ steps.set-version.outputs.version_display }} steps: @@ -88,6 +89,7 @@ jobs: mac-pkg: name: Build MacOS pkginstaller runs-on: macos-latest + if: github.repository == 'podman-container-tools/podman' env: APPLICATION_CERTIFICATE: ${{ secrets.MACOS_APPLICATION_CERT }} CODESIGN_IDENTITY: ${{ secrets.MACOS_APPLICATION_IDENTITY }} diff --git a/.github/workflows/release-pipeline-validation.yml b/.github/workflows/release-pipeline-validation.yml index 9377ffa057..7a20f487cb 100644 --- a/.github/workflows/release-pipeline-validation.yml +++ b/.github/workflows/release-pipeline-validation.yml @@ -17,7 +17,9 @@ jobs: get-latest-release: name: Get branch for latest release runs-on: ubuntu-latest - if: github.event_name == 'schedule' + if: | + github.event_name == 'schedule' && + github.repository == 'podman-container-tools/podman' outputs: release_ref: ${{ steps.set.outputs.release_ref }} steps: @@ -44,7 +46,9 @@ jobs: build-artifacts-main: name: Build Artifacts (main) uses: ./.github/workflows/release-build-artifacts.yml - if: github.event_name == 'schedule' + if: | + github.event_name == 'schedule' && + github.repository == 'podman-container-tools/podman' with: version: 'main' secrets: @@ -89,7 +93,9 @@ jobs: build-artifacts-single: name: Build Artifacts uses: ./.github/workflows/release-build-artifacts.yml - if: github.event_name == 'workflow_dispatch' + if: | + github.event_name == 'workflow_dispatch' && + github.repository == 'podman-container-tools/podman' with: version: ${{ inputs.ref }} secrets: @@ -110,6 +116,7 @@ jobs: validate-tokens: name: Validate GitHub tokens + if: github.repository == 'podman-container-tools/podman' runs-on: ubuntu-latest steps: - name: Validate PODMANBOT_TOKEN diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 437b7a6731..a556dcf737 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,6 +21,7 @@ permissions: jobs: check: + if: github.repository == 'podman-container-tools/podman' name: Check runs-on: ubuntu-latest steps: diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 3336ad7380..7fb6c4662e 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -12,7 +12,7 @@ permissions: jobs: stale: - + if: github.repository == 'podman-container-tools/podman' permissions: issues: write # for actions/stale to close stale issues pull-requests: write # for actions/stale to close stale PRs diff --git a/.github/workflows/update-podmanio.yml b/.github/workflows/update-podmanio.yml index 3d1756da10..7873319c4c 100644 --- a/.github/workflows/update-podmanio.yml +++ b/.github/workflows/update-podmanio.yml @@ -22,6 +22,7 @@ permissions: {} jobs: bump: + if: github.repository == 'podman-container-tools/podman' name: Bump runs-on: ubuntu-24.04 permissions: