ci: don't run membrowse workflows on forks

Forks with Actions enabled would otherwise run the membrowse build matrix on push/workflow_dispatch and report fork builds to the membrowse backend. Guard the jobs in both workflows with github.repository_owner == 'wolfssl' (combined with the existing draft check in the report workflow), matching tls-anvil.yml and coverity-scan-fixes.yml.

Also default the analyze/onboard matrix to '[]' so strategy expansion does not error when load-targets is skipped on forks or draft PRs.
This commit is contained in:
Juliusz Sosinowicz
2026-06-01 17:36:26 +02:00
parent f6f27652dd
commit 2703458535
2 changed files with 11 additions and 5 deletions
+5 -1
View File
@@ -11,6 +11,9 @@ on:
jobs:
load-targets:
# Only run from the wolfssl org to avoid burning forks' CI minutes
# and reporting fork builds to the membrowse backend.
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-24.04
timeout-minutes: 10
outputs:
@@ -25,12 +28,13 @@ jobs:
onboard:
needs: load-targets
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-24.04
timeout-minutes: 10
strategy:
fail-fast: false
matrix:
include: ${{ fromJson(needs.load-targets.outputs.matrix) }}
include: ${{ fromJson(needs.load-targets.outputs.matrix || '[]') }}
steps:
- name: Checkout repository
+6 -4
View File
@@ -13,7 +13,9 @@ concurrency:
jobs:
load-targets:
if: github.event_name != 'pull_request' || github.event.pull_request.draft == false
# Only run from the wolfssl org to avoid burning forks' CI minutes
# and reporting fork builds to the membrowse backend.
if: github.repository_owner == 'wolfssl' && (github.event_name != 'pull_request' || github.event.pull_request.draft == false)
runs-on: ubuntu-24.04
timeout-minutes: 10
outputs:
@@ -27,7 +29,7 @@ jobs:
run: echo "matrix=$(jq -c '.' .github/membrowse-targets.json)" >> $GITHUB_OUTPUT
check-changes:
if: github.event_name != 'pull_request' || github.event.pull_request.draft == false
if: github.repository_owner == 'wolfssl' && (github.event_name != 'pull_request' || github.event.pull_request.draft == false)
runs-on: ubuntu-24.04
timeout-minutes: 5
outputs:
@@ -64,13 +66,13 @@ jobs:
analyze:
needs: [load-targets, check-changes]
if: github.event_name != 'pull_request' || needs.check-changes.outputs.needs_build == 'true'
if: github.repository_owner == 'wolfssl' && (github.event_name != 'pull_request' || needs.check-changes.outputs.needs_build == 'true')
runs-on: ubuntu-24.04
timeout-minutes: 10
strategy:
fail-fast: false
matrix:
include: ${{ fromJson(needs.load-targets.outputs.matrix) }}
include: ${{ fromJson(needs.load-targets.outputs.matrix || '[]') }}
steps:
- name: Checkout repository