From 62cb1ce8f41b4a9e4b04754ec81e2e2d69354554 Mon Sep 17 00:00:00 2001
From: Alexander Minkin <weryskok@gmail.com>
Date: Fri, 31 Jan 2025 18:53:56 +0300
Subject: [PATCH] ci(actions): restrict 'pull_request' runs to outer PRs

'push' runs will run anyway on commits inside of repository
---
 .github/workflows/build-base.yaml | 12 ++++++++++++
 .github/workflows/build.yaml      | 12 ++++++++++++
 .github/workflows/lint.yaml       |  7 +++++++
 3 files changed, 31 insertions(+)

diff --git a/.github/workflows/build-base.yaml b/.github/workflows/build-base.yaml
index 587ce3e7..3d93ad3c 100644
--- a/.github/workflows/build-base.yaml
+++ b/.github/workflows/build-base.yaml
@@ -12,6 +12,12 @@ env:
 jobs:
   build-cli:
     runs-on: ubuntu-latest
+    
+    # 'push' runs on inner branches, 'pull_request' will run only on outer PRs
+    if: >
+      github.event_name == 'push'
+      || (github.event_name == 'pull_request'
+          && github.event.pull_request.head.repo.full_name != github.repository)
 
     steps:
       - uses: actions/checkout@v3
@@ -42,6 +48,12 @@ jobs:
 
   build-apache:
     runs-on: ubuntu-latest
+    
+    # 'push' runs on inner branches, 'pull_request' will run only on outer PRs
+    if: >
+      github.event_name == 'push'
+      || (github.event_name == 'pull_request'
+          && github.event.pull_request.head.repo.full_name != github.repository)
 
     steps:
       - uses: actions/checkout@v3
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 42ce80f3..3d7007c3 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -14,6 +14,12 @@ jobs:
 
         runs-on: ubuntu-latest
 
+        # 'push' runs on inner branches, 'pull_request' will run only on outer PRs
+        if: >
+          github.event_name == 'push'
+          || (github.event_name == 'pull_request'
+              && github.event.pull_request.head.repo.full_name != github.repository)
+
         steps:
             - name: Set up QEMU
               uses: docker/setup-qemu-action@v3
@@ -64,6 +70,12 @@ jobs:
         name: Build DB images
 
         runs-on: ubuntu-latest
+        
+        # 'push' runs on inner branches, 'pull_request' will run only on outer PRs
+        if: >
+          github.event_name == 'push'
+          || (github.event_name == 'pull_request'
+              && github.event.pull_request.head.repo.full_name != github.repository)
 
         steps:
             - name: Set up QEMU
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index c284acc9..7ab06d7f 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -7,6 +7,13 @@ on:
 jobs:
   lint:
     runs-on: ubuntu-20.04
+    
+    # 'push' runs on inner branches, 'pull_request' will run only on outer PRs
+    if: >
+      github.event_name == 'push'
+      || (github.event_name == 'pull_request'
+          && github.event.pull_request.head.repo.full_name != github.repository)
+
     permissions:
       contents: read
     steps: