From fc8c76f3be37e5ea3f044a4580a9990772704678 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Mon, 4 Aug 2025 18:10:23 +0200 Subject: [PATCH] GH Actions: don't run cron jobs on forks While workflows are disabled by default in forks, it is quite common for contributors to enable them to verify CI will pass before submitting a pull request. When enabling workflow runs in forks, it's "all or nothing". This means that: * All workflows which are only intended to be run on the canonical repo will also be enabled. These workflows will also often need access to repo-specific secrets and will typically fail when run from a fork. * Workflows which contain cron jobs will also be enabled. Depending on the type of account the contributor has, this can burn through their "CI minutes". This commit is based on a review of workflows containing cron jobs and disables running the jobs when a cron job is triggered in a fork. --- .github/workflows/scorecards.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 90283335..06fa35ac 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -12,6 +12,9 @@ permissions: read-all jobs: analysis: + # Don't run the cron job on forks. + if: ${{ github.event_name != 'schedule' || github.event.repository.fork == false }} + name: Scorecards analysis runs-on: ubuntu-latest permissions: