From f181099e742756a596045474b46957f1d98fb943 Mon Sep 17 00:00:00 2001 From: Adithya Krishna Date: Mon, 4 Dec 2023 16:20:02 +0530 Subject: [PATCH] chore: updated workflow permissions and run conditions Signed-off-by: Adithya Krishna --- .github/workflows/ci.yml | 1 + .github/workflows/codeql-analysis.yml | 1 + .github/workflows/first-interaction.yml | 2 +- .github/workflows/issue-count.yml | 2 +- .github/workflows/pr-count.yml | 4 ++-- .github/workflows/pr-labeler.yml | 1 + .github/workflows/semantic-pull-requests.yml | 1 + .github/workflows/stale.yml | 2 +- 8 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fa29ae591..7e940d1b3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,6 +16,7 @@ env: jobs: build_app: name: Build App + if: github.repository == 'documenso/documenso' runs-on: ubuntu-latest steps: - name: Checkout diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index d47c37a00..281cc432c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -9,6 +9,7 @@ on: jobs: analyze: + if: github.repository == 'documenso/documenso' name: Analyze runs-on: ubuntu-latest permissions: diff --git a/.github/workflows/first-interaction.yml b/.github/workflows/first-interaction.yml index 2f488dd9c..2f6f59e4a 100644 --- a/.github/workflows/first-interaction.yml +++ b/.github/workflows/first-interaction.yml @@ -13,9 +13,9 @@ permissions: jobs: welcome-message: name: Welcome Contributors + if: github.repository == 'documenso/documenso' && github.event.action == 'opened' runs-on: ubuntu-latest timeout-minutes: 10 - if: github.event.action == 'opened' steps: - uses: actions/first-interaction@v1 with: diff --git a/.github/workflows/issue-count.yml b/.github/workflows/issue-count.yml index ceb4ffabc..cab8676c4 100644 --- a/.github/workflows/issue-count.yml +++ b/.github/workflows/issue-count.yml @@ -10,7 +10,7 @@ permissions: jobs: countIssues: - if: ${{ !github.event.issue.pull_request }} + if: ${{ !github.event.issue.pull_request }} && github.repository == 'documenso/documenso' && github.event.comment.author_association == 'MEMBER' || 'COLLABORATOR' || 'OWNER' runs-on: ubuntu-latest env: MY_ENV_VARIABLE: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pr-count.yml b/.github/workflows/pr-count.yml index 673ac65e8..8c4904945 100644 --- a/.github/workflows/pr-count.yml +++ b/.github/workflows/pr-count.yml @@ -6,11 +6,11 @@ on: types: [created] permissions: - pull-requests: write + pull-requests: write jobs: countPRs: - if: ${{ github.event.issue.pull_request }} + if: ${{ github.event.issue.pull_request }} && github.repository == 'documenso/documenso' && github.event.comment.author_association == 'MEMBER' || 'COLLABORATOR' || 'OWNER' runs-on: ubuntu-latest env: MY_ENV_VARIABLE: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml index e7873f1db..e968a028e 100644 --- a/.github/workflows/pr-labeler.yml +++ b/.github/workflows/pr-labeler.yml @@ -9,6 +9,7 @@ concurrency: jobs: labeler: + if: github.repository == 'documenso/documenso' permissions: contents: read pull-requests: write diff --git a/.github/workflows/semantic-pull-requests.yml b/.github/workflows/semantic-pull-requests.yml index ef0a87542..08d3739fc 100644 --- a/.github/workflows/semantic-pull-requests.yml +++ b/.github/workflows/semantic-pull-requests.yml @@ -13,6 +13,7 @@ permissions: jobs: validate-pr: + if: github.repository == 'documenso/documenso' name: Validate PR title runs-on: ubuntu-latest steps: diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 827c32a06..1fe91e9ab 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -6,7 +6,7 @@ on: jobs: stale: - + if: github.repository == 'documenso/documenso' runs-on: ubuntu-latest permissions: issues: write