From 8a979fad9dc8376752d6ea4b85f271938b93ed84 Mon Sep 17 00:00:00 2001
From: Alexander Minkin <weryskok@gmail.com>
Date: Fri, 31 Jan 2025 19:03:28 +0300
Subject: [PATCH] ci(actions): restrict 'pull_request' runs to outer PRs
 (#1221)

'push' runs will run anyway on commits inside of repository
---
 .github/workflows/build.yaml | 12 ++++++++++++
 .github/workflows/lint.yaml  |  7 +++++++
 2 files changed, 19 insertions(+)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 42ce80f3..3d7007c3 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -14,6 +14,12 @@ jobs:
 
         runs-on: ubuntu-latest
 
+        # 'push' runs on inner branches, 'pull_request' will run only on outer PRs
+        if: >
+          github.event_name == 'push'
+          || (github.event_name == 'pull_request'
+              && github.event.pull_request.head.repo.full_name != github.repository)
+
         steps:
             - name: Set up QEMU
               uses: docker/setup-qemu-action@v3
@@ -64,6 +70,12 @@ jobs:
         name: Build DB images
 
         runs-on: ubuntu-latest
+        
+        # 'push' runs on inner branches, 'pull_request' will run only on outer PRs
+        if: >
+          github.event_name == 'push'
+          || (github.event_name == 'pull_request'
+              && github.event.pull_request.head.repo.full_name != github.repository)
 
         steps:
             - name: Set up QEMU
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index c284acc9..7ab06d7f 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -7,6 +7,13 @@ on:
 jobs:
   lint:
     runs-on: ubuntu-20.04
+    
+    # 'push' runs on inner branches, 'pull_request' will run only on outer PRs
+    if: >
+      github.event_name == 'push'
+      || (github.event_name == 'pull_request'
+          && github.event.pull_request.head.repo.full_name != github.repository)
+
     permissions:
       contents: read
     steps: