From 2b9eb41eec500af8acbba1366a153d7bf584b203 Mon Sep 17 00:00:00 2001 From: Will Pfleger Date: Wed, 18 Feb 2026 08:16:01 -0500 Subject: [PATCH] ci: add fork guards to scheduled workflows (#7292) Signed-off-by: Will Pfleger --- .github/workflows/cargo-deny.yml | 1 + .github/workflows/minor-release.yaml | 1 + .github/workflows/rebuild-skills-marketplace.yml | 1 + .github/workflows/scorecard.yml | 2 +- .github/workflows/stale.yml | 1 + .github/workflows/update-hacktoberfest-leaderboard.yml | 1 + .github/workflows/update-health-dashboard.yml | 1 + 7 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cargo-deny.yml b/.github/workflows/cargo-deny.yml index 5dfa1c924f..b7b4a7fd4d 100644 --- a/.github/workflows/cargo-deny.yml +++ b/.github/workflows/cargo-deny.yml @@ -18,6 +18,7 @@ on: jobs: deny: runs-on: ubuntu-latest + if: github.repository == 'block/goose' permissions: contents: read steps: diff --git a/.github/workflows/minor-release.yaml b/.github/workflows/minor-release.yaml index 8929f0be71..8b81026133 100644 --- a/.github/workflows/minor-release.yaml +++ b/.github/workflows/minor-release.yaml @@ -11,6 +11,7 @@ on: jobs: release: + if: github.repository == 'block/goose' uses: ./.github/workflows/create-release-pr.yaml with: bump_type: "minor" diff --git a/.github/workflows/rebuild-skills-marketplace.yml b/.github/workflows/rebuild-skills-marketplace.yml index f3480915f6..1985a4a821 100644 --- a/.github/workflows/rebuild-skills-marketplace.yml +++ b/.github/workflows/rebuild-skills-marketplace.yml @@ -23,6 +23,7 @@ concurrency: jobs: rebuild-docs: runs-on: ubuntu-latest + if: github.repository == 'block/goose' permissions: contents: write diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index cce589c8d1..4d5bd6c7d7 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -22,7 +22,7 @@ jobs: name: Scorecard analysis runs-on: ubuntu-latest # `publish_results: true` only works when run from the default branch. conditional can be removed if disabled. - if: github.event.repository.default_branch == github.ref_name || github.event_name == 'pull_request' + if: github.repository == 'block/goose' && (github.event.repository.default_branch == github.ref_name || github.event_name == 'pull_request') permissions: # Needed to upload the results to code-scanning dashboard. security-events: write diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 32f23d8a46..74a2f1d80f 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -24,6 +24,7 @@ jobs: stale: name: 'Mark and Close Stale PRs' runs-on: ubuntu-latest + if: github.repository == 'block/goose' steps: # Use the official stale action from GitHub diff --git a/.github/workflows/update-hacktoberfest-leaderboard.yml b/.github/workflows/update-hacktoberfest-leaderboard.yml index b33929d139..f984e9f851 100644 --- a/.github/workflows/update-hacktoberfest-leaderboard.yml +++ b/.github/workflows/update-hacktoberfest-leaderboard.yml @@ -9,6 +9,7 @@ on: jobs: update-leaderboard: runs-on: ubuntu-latest + if: github.repository == 'block/goose' permissions: contents: read pull-requests: read diff --git a/.github/workflows/update-health-dashboard.yml b/.github/workflows/update-health-dashboard.yml index fc15625528..1504fe15e5 100644 --- a/.github/workflows/update-health-dashboard.yml +++ b/.github/workflows/update-health-dashboard.yml @@ -23,6 +23,7 @@ jobs: update-dashboard: name: 'Update Health Dashboard' runs-on: ubuntu-latest + if: github.repository == 'block/goose' steps: - name: 'Download previous metrics'