Skip to content

Commit

Permalink
fixup! sensitive jobs on fork pr runs
Browse files Browse the repository at this point in the history
Signed-off-by: Sam Gammon <[email protected]>
  • Loading branch information
sgammon committed Mar 12, 2024
1 parent 56bb0f0 commit e3e2cd9
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 2 deletions.
8 changes: 7 additions & 1 deletion .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,13 @@
name: "CodeQL"

on:
workflow_call: {}
workflow_call:
inputs:
publish:
type: boolean
description: "Publish SARIF"
default: true

workflow_dispatch: {}
push:
branches: ["master"]
Expand Down
4 changes: 3 additions & 1 deletion .github/workflows/on.pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ jobs:
contents: write
id-token: write
with:
provenance: true
provenance: ${{ github.event.pull_request.head.repo.full_name == 'google/guava' }}
provenance_publish: false
snapshot: false

Expand Down Expand Up @@ -62,3 +62,5 @@ jobs:
actions: read
contents: read
security-events: write
with:
publish: ${{ github.event.pull_request.head.repo.full_name == 'google/guava' }}

0 comments on commit e3e2cd9

Please sign in to comment.