Skip attestation and deployment steps for fork-based PRs having no access to secrets

Signed-off-by: DL6ER <dl6er@dl6er.de>
2024-05-19 09:14:46 +02:00 · 2024-05-19 09:14:46 +02:00 · f88d96a884
parent 524308314f
commit f88d96a884
1 changed files with 8 additions and 1 deletions
--- a/.github/actions/build-and-test/action.yml
+++ b/.github/actions/build-and-test/action.yml
@ -101,6 +101,9 @@ runs:
    -
      name: Generate artifact attestation
      uses: actions/attest-build-provenance@v1
+      # Skip attestation if ACTIONS_ID_TOKEN_REQUEST_URL env variable is not
+      # available (e.g., PR originating from a fork)
+      if: ${{ env.ACTIONS_ID_TOKEN_REQUEST_URL != '' }}
      with:
        subject-path: ${{ inputs.bin_name }}
    -
@ -118,7 +121,11 @@ runs:
        path: 'api-docs.tar.gz'
    -
      name: Deploy
-      if: inputs.event_name != 'pull_request'
+      # Skip deployment step if:
+      # - this is a triggered by a PR event (we only push on commit to branch
+      #   events)
+      # - no SSH key is provided (this is a PR from a fork)
+      if: inputs.event_name != 'pull_request' && ${{ inputs.SSH_KEY != '' }}
      uses: ./.github/actions/deploy
      with:
        pattern: ${{ inputs.bin_name }}-binary