ci: fix workflows with tokens running on forks

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2024-10-01 01:36:09 -04:00 · 2022-12-23 11:16:26 +01:00 · 2022-12-23 11:16:26 +01:00 · c7ecf13e7f
commit c7ecf13e7f
parent 8b39d3d368
2 changed files with 18 additions and 5 deletions
--- a/.github/workflows/test-go-generate.yml
+++ b/.github/workflows/test-go-generate.yml
@ -17,7 +17,7 @@ jobs:
        with:
          path: constellation
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
-          token: ${{ secrets.TIDY_RENOVATE_PUSH }}
+          token: ${{ !github.event.pull_request.head.repo.fork && secrets.TIDY_RENOVATE_PUSH || '' }}

      - name: Setup Go
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
@ -54,7 +54,11 @@ jobs:
          git diff --exit-code

      - name: Push changes on renovate branch
-        if: failure() && (steps.generatecheck.conclusion == 'failure') && startsWith(github.head_ref, 'renovate/')
+        if: |
+          failure() &&
+          (steps.generatecheck.conclusion == 'failure')
+          && startsWith(github.head_ref, 'renovate/') &&
+          !github.event.pull_request.head.repo.fork
        shell: bash
        working-directory: constellation
        run: |
--- a/.github/workflows/test-tidy.yml
+++ b/.github/workflows/test-tidy.yml
@ -25,7 +25,8 @@ jobs:
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
        with:
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
-          token: ${{ secrets.TIDY_RENOVATE_PUSH }}
+          # No token available for forks, so we can't push changes
+          token: ${{ !github.event.pull_request.head.repo.fork && secrets.TIDY_RENOVATE_PUSH || '' }}

      - name: Setup Go environment
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
@ -51,7 +52,11 @@ jobs:
      # modules again and commit the changes, so the user doesn't need to do it.

      - name: Tidy modules on renovate branches
-        if: ${{ failure() && (steps.tidycheck.conclusion == 'failure') && startsWith(github.head_ref, 'renovate/') }}
+        if: |
+          failure() &&
+          (steps.tidycheck.conclusion == 'failure') &&
+          startsWith(github.head_ref, 'renovate/') &&
+          !github.event.pull_request.head.repo.fork
        shell: bash
        run: |
          mods="${{ steps.submods.outputs.submods }}"
@ -60,7 +65,11 @@ jobs:
          done

      - name: Push changes
-        if: ${{ failure() && (steps.tidycheck.conclusion == 'failure') && startsWith(github.head_ref, 'renovate/') }}
+        if: |
+          failure() &&
+          (steps.tidycheck.conclusion == 'failure') &&
+          startsWith(github.head_ref, 'renovate/') &&
+          !github.event.pull_request.head.repo.fork
        shell: bash
        run: |
          git config --global user.name "renovate[bot]"