yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

GitHub: Only deploy to Azure on direct pull requests (#19647)

Browse Source 
* build(github): check that the "close" job only runs when the appropriate label is applied

it follows that the "build" job would only have built an environment when the label was applied

* build(github): check that the action is run directly on the repository and not from a fork

this alleviates the problem that the deploymentToken for Azure only exists within the repository
This commit is contained in:
Jacob Overgaard
2025-07-02 09:47:53 +02:00
committed by GitHub
parent dcd8b42522
commit be3a1759de
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/azure-backoffice.yml vendored
View File

@@ -20,7 +20,7 @@ on:
jobs: jobs:
build_and_deploy_job: build_and_deploy_job:
if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.action != 'closed' && (contains(github.event.pull_request.labels.*.name, 'preview/backoffice'))) if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.action != 'closed' && contains(github.event.pull_request.labels.*.name, 'preview/backoffice') && github.repository == github.event.pull_request.head.repo.full_name)
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Build and Deploy Job name: Build and Deploy Job
steps: steps:
@@ -44,7 +44,7 @@ jobs:
###### End of Repository/Build Configurations ###### ###### End of Repository/Build Configurations ######
close_pull_request_job: close_pull_request_job:
if: github.event_name == 'pull_request' && github.event.action == 'closed' if: github.event_name == 'pull_request' && github.event.action == 'closed' && contains(github.event.pull_request.labels.*.name, 'preview/backoffice') && github.repository == github.event.pull_request.head.repo.full_name
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Close Pull Request Job name: Close Pull Request Job
steps: steps:

4
.github/workflows/azure-storybook.yml vendored
View File

@@ -23,7 +23,7 @@ env:
jobs: jobs:
build_and_deploy_job: build_and_deploy_job:
if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.action != 'closed' && (contains(github.event.pull_request.labels.*.name, 'preview/storybook'))) if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.action != 'closed' && contains(github.event.pull_request.labels.*.name, 'preview/storybook') && github.repository == github.event.pull_request.head.repo.full_name)
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Build and Deploy Job name: Build and Deploy Job
steps: steps:
@@ -45,7 +45,7 @@ jobs:
###### End of Repository/Build Configurations ###### ###### End of Repository/Build Configurations ######
close_pull_request_job: close_pull_request_job:
if: github.event_name == 'pull_request' && github.event.action == 'closed' if: github.event_name == 'pull_request' && github.event.action == 'closed' && contains(github.event.pull_request.labels.*.name, 'preview/storybook') && github.repository == github.event.pull_request.head.repo.full_name
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Close Pull Request Job name: Close Pull Request Job
steps: steps: