ci: skip release/publish/changelog automation on forks#5756
Conversation
nightly-release-v3, publish-npm, auto-changelog-v3 and changelog-v3 had no repository guard, so any fork with Actions enabled runs them against its own default branch. On a fork whose master is a PR head (#5462) this keeps committing fork-generated release bumps, npm version bumps and typedoc output (with fork source links) straight into the open PR. Guard the jobs with github.repository == 'wailsapp/wails', matching weekly-release-v2 and generate-sponsor-image.
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (4)
WalkthroughFour GitHub Actions workflow files (auto-changelog-v3.yml, changelog-v3.yml, nightly-release-v3.yml, publish-npm.yml) have job-level ChangesCI Workflow Repository Gating
Estimated code review effort: 1 (Trivial) | ~5 minutes Possibly related PRs
Suggested labels: Suggested reviewers: Poem
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Why
nightly-release-v3.yml,publish-npm.yml,auto-changelog-v3.ymlandchangelog-v3.ymlhave no repository guard, so any fork with Actions enabled runs them against its own default branch.This is actively biting #5462: the PR head is the author's fork
master, and the fork's Actions keep committing straight into the open PR — a nightly-mintedv3.0.0-alpha2.114release bump that collides with the real one,@wailsio/runtimeversion bumps, and 90+ regenerated typedoc files whose source links point at the fork instead ofwailsapp/wails.What
Add the same job-level guard the repo already uses in
weekly-release-v2.ymlandgenerate-sponsor-image.yml:composed with the existing conditions where a job already had an
if. Forpull_request/pull_request_targeteventsgithub.repositoryis the base repo, so fork-authored PRs against upstream still run these normally — only runs inside a fork are skipped.Because push-triggered runs use the workflow file at the pushed commit and cron runs use the fork's default-branch copy, merging this and then updating #5462's branch from master disarms the fork automation without needing any settings change on the fork.
Summary by CodeRabbit