diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 559b263..38362f5 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -20,10 +20,11 @@ jobs: needs: build-and-test runs-on: ubuntu-latest if: | - github.ref_name == 'main' || + github.repository_owner == 'iExecBlockchainComputing' && + (github.ref_name == 'main' || startsWith(github.head_ref, 'feat/') || startsWith(github.head_ref, 'fix/') || - (github.event_name == 'workflow_dispatch' && (startsWith(github.ref_name, 'feat/') || startsWith(github.ref_name, 'fix/'))) + (github.event_name == 'workflow_dispatch' && (startsWith(github.ref_name, 'feat/') || startsWith(github.ref_name, 'fix/')))) outputs: image_tag: ${{ steps.determine-tag.outputs.image_tag }} steps: diff --git a/.github/workflows/conventional-commits.yaml b/.github/workflows/conventional-commits.yaml index d11b1b1..107a9e1 100644 --- a/.github/workflows/conventional-commits.yaml +++ b/.github/workflows/conventional-commits.yaml @@ -9,6 +9,8 @@ on: jobs: lint-pr-title: + # Prevent execution on forks + if: github.repository_owner == 'iExecBlockchainComputing' permissions: pull-requests: read - uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/conventional-commits.yml@conventional-commits-v1.1.0 + uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/conventional-commits.yml@conventional-commits-v1.2.0 diff --git a/.github/workflows/docker-build-on-tag.yaml b/.github/workflows/docker-build-on-tag.yaml index ca5c58b..5c003b4 100644 --- a/.github/workflows/docker-build-on-tag.yaml +++ b/.github/workflows/docker-build-on-tag.yaml @@ -10,6 +10,8 @@ jobs: prepare: name: Determine image tag runs-on: ubuntu-latest + # Prevent execution on forks + if: github.repository_owner == 'iExecBlockchainComputing' outputs: dockerfile: ${{ steps.determine-tag.outputs.dockerfile }} image_name: ${{ steps.determine-tag.outputs.image_name }} @@ -55,7 +57,7 @@ jobs: build-oci-image: name: Build OCI image needs: prepare - uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@docker-build-v2.4.0 + uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@docker-build-v3.3.0 with: image-name: docker-regis.iex.ec/${{ needs.prepare.outputs.image_name }} image-tag: ${{ needs.prepare.outputs.image_tag }} @@ -66,7 +68,9 @@ jobs: security-scan: true security-report: "sarif" hadolint: true - platforms: linux/amd64 + platform: linux/amd64 secrets: + dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} + dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN_PULL_ONLY }} username: ${{ secrets.NEXUS_USERNAME }} password: ${{ secrets.NEXUS_PASSWORD }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c565bf2..2b3ce8a 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -12,5 +12,7 @@ permissions: jobs: release-please: - uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/release-please.yml@release-please-v2.0.0 + # Prevent execution on forks + if: github.repository_owner == 'iExecBlockchainComputing' + uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/release-please.yml@release-please-v2.2.0 secrets: inherit