Prevent "twisted trunk" and "latest deps" workflows from running on forks (#15726)

pull/15731/head
Andrew Morgan 2023-06-06 19:29:54 +01:00 committed by GitHub
parent dfd77f426e
commit d43c72a6c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 44 additions and 4 deletions

View File

@ -22,7 +22,21 @@ concurrency:
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
check_repo:
# Prevent this workflow from running on any fork of Synapse other than matrix-org/synapse, as it is
# only useful to the Synapse core team.
# All other workflow steps depend on this one, thus if 'should_run_workflow' is not 'true', the rest
# of the workflow will be skipped as well.
runs-on: ubuntu-latest
outputs:
should_run_workflow: ${{ steps.check_condition.outputs.should_run_workflow }}
steps:
- id: check_condition
run: echo "should_run_workflow=${{ github.repository == 'matrix-org/synapse' }}" >> "$GITHUB_OUTPUT"
mypy: mypy:
needs: check_repo
if: needs.check_repo.outputs.should_run_workflow == 'true'
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
@ -47,6 +61,8 @@ jobs:
run: sed '/warn_unused_ignores = True/d' -i mypy.ini run: sed '/warn_unused_ignores = True/d' -i mypy.ini
- run: poetry run mypy - run: poetry run mypy
trial: trial:
needs: check_repo
if: needs.check_repo.outputs.should_run_workflow == 'true'
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
matrix: matrix:
@ -105,6 +121,8 @@ jobs:
sytest: sytest:
needs: check_repo
if: needs.check_repo.outputs.should_run_workflow == 'true'
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: container:
image: matrixdotorg/sytest-synapse:testing image: matrixdotorg/sytest-synapse:testing
@ -156,7 +174,8 @@ jobs:
complement: complement:
if: "${{ !failure() && !cancelled() }}" needs: check_repo
if: "!failure() && !cancelled() && needs.check_repo.outputs.should_run_workflow == 'true'"
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
@ -192,7 +211,7 @@ jobs:
# Open an issue if the build fails, so we know about it. # Open an issue if the build fails, so we know about it.
# Only do this if we're not experimenting with this action in a PR. # Only do this if we're not experimenting with this action in a PR.
open-issue: open-issue:
if: "failure() && github.event_name != 'push' && github.event_name != 'pull_request'" if: "failure() && github.event_name != 'push' && github.event_name != 'pull_request' && needs.check_repo.outputs.should_run_workflow == 'true'"
needs: needs:
# TODO: should mypy be included here? It feels more brittle than the others. # TODO: should mypy be included here? It feels more brittle than the others.
- mypy - mypy

View File

@ -18,7 +18,22 @@ concurrency:
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
check_repo:
# Prevent this workflow from running on any fork of Synapse other than matrix-org/synapse, as it is
# only useful to the Synapse core team.
# All other workflow steps depend on this one, thus if 'should_run_workflow' is not 'true', the rest
# of the workflow will be skipped as well.
if: github.repository == 'matrix-org/synapse'
runs-on: ubuntu-latest
outputs:
should_run_workflow: ${{ steps.check_condition.outputs.should_run_workflow }}
steps:
- id: check_condition
run: echo "should_run_workflow=${{ github.repository == 'matrix-org/synapse' }}" >> "$GITHUB_OUTPUT"
mypy: mypy:
needs: check_repo
if: needs.check_repo.outputs.should_run_workflow == 'true'
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@ -41,6 +56,8 @@ jobs:
- run: poetry run mypy - run: poetry run mypy
trial: trial:
needs: check_repo
if: needs.check_repo.outputs.should_run_workflow == 'true'
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@ -75,6 +92,8 @@ jobs:
|| true || true
sytest: sytest:
needs: check_repo
if: needs.check_repo.outputs.should_run_workflow == 'true'
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: container:
image: matrixdotorg/sytest-synapse:buster image: matrixdotorg/sytest-synapse:buster
@ -119,7 +138,8 @@ jobs:
/logs/**/*.log* /logs/**/*.log*
complement: complement:
if: "${{ !failure() && !cancelled() }}" needs: check_repo
if: "!failure() && !cancelled() && needs.check_repo.outputs.should_run_workflow == 'true'"
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
@ -166,7 +186,7 @@ jobs:
# open an issue if the build fails, so we know about it. # open an issue if the build fails, so we know about it.
open-issue: open-issue:
if: failure() if: failure() && needs.check_repo.outputs.should_run_workflow == 'true'
needs: needs:
- mypy - mypy
- trial - trial

1
changelog.d/15726.misc Normal file
View File

@ -0,0 +1 @@
Prevent the `latest_deps` and `twisted_trunk` daily GitHub Actions workflows from running on forks of the codebase.