fix: dont run workflows outside of npm org

This adds a `if: github.repository_owner == 'npm'` to each workflow so they don't run outside of the npm organization by default. Closes #182
npm · Sep 15, 2022 · 11f801d · 11f801d
1 parent 910f3fa
commit 11f801d
Show file tree

Hide file tree

Showing 13 changed files with 16 additions and 25 deletions.
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -10,6 +10,7 @@ on:
 
 jobs:
   audit:
+    if: github.repository_owner == 'npm'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -17,6 +17,7 @@ on:
 
 jobs:
   lint:
+    if: github.repository_owner == 'npm'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
@@ -34,6 +35,7 @@ jobs:
       - run: npm run lint
 
   test:
+    if: github.repository_owner == 'npm'
     strategy:
       fail-fast: false
       matrix:

diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml
@@ -10,8 +10,8 @@ permissions:
 
 jobs:
   template-oss-apply:
+    if: github.repository_owner == 'npm' && github.actor == 'dependabot[bot]'
     runs-on: ubuntu-latest
-    if: github.actor == 'dependabot[bot]'
     steps:
       - uses: actions/checkout@v3
         with:

diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -13,6 +13,7 @@ on:
 jobs:
   check:
     name: Check PR Title or Commits
+    if: github.repository_owner == 'npm'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3

diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -17,6 +17,7 @@ jobs:
     outputs:
       pr: ${{ steps.release.outputs.pr }}
       release: ${{ steps.release.outputs.release }}
+    if: github.repository_owner == 'npm'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
@@ -79,7 +80,7 @@ jobs:
 
   post-release:
     needs: release-please
-    if: needs.release-please.outputs.release
+    if: github.repository_owner == 'npm' && needs.release-please.outputs.release
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -11,6 +11,7 @@ on:
 
 jobs:
   lint-all:
+    if: github.repository_owner == 'npm'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
@@ -30,6 +31,7 @@ jobs:
       - run: npm run lint -ws -iwr --if-present
 
   test-all:
+    if: github.repository_owner == 'npm'
     strategy:
       fail-fast: false
       matrix:

diff --git a/lib/content/_setup-job-matrix.yml b/lib/content/_setup-job-matrix.yml
@@ -1,3 +1,4 @@
+if: github.repository_owner == 'npm'
 strategy:
   fail-fast: false
   matrix:

diff --git a/lib/content/_setup-job.yml b/lib/content/_setup-job.yml
@@ -1,3 +1,4 @@
+if: github.repository_owner == 'npm' {{~#if jobIf}} && {{{jobIf}}}{{/if}}
 runs-on: ubuntu-latest
 steps:
   {{> setupGit}}

diff --git a/lib/content/audit.yml b/lib/content/audit.yml
@@ -8,9 +8,5 @@ on:
 
 jobs:
   audit:
-    runs-on: ubuntu-latest
-    steps:
-      {{> setupGit}}
-      {{> setupNode}}
-      {{> setupDeps flags="--package-lock"}}
+    {{> setupJob flags="--package-lock"}}
       - run: {{rootNpmPath}} audit
diff --git a/lib/content/post-dependabot.yml b/lib/content/post-dependabot.yml
@@ -9,12 +9,7 @@ permissions:
 
 jobs:
   template-oss-apply:
-    runs-on: ubuntu-latest
-    if: github.actor == 'dependabot[bot]'
-    steps:
-      {{> setupGit checkout=(obj ref="${{ github.event.pull_request.head_ref }}")}}
-      {{> setupNode}}
-      {{> setupDeps}}
+    {{> setupJob jobIf="github.actor == 'dependabot[bot]'" checkout=(obj ref="${{ github.event.pull_request.head_ref }}")}}
       - name: Dependabot metadata
         id: metadata
         uses: dependabot/fetch-metadata@v1.1.1

diff --git a/lib/content/pull-request.yml b/lib/content/pull-request.yml
@@ -11,11 +11,7 @@ on:
 jobs:
   check:
     name: Check PR Title or Commits
-    runs-on: ubuntu-latest
-    steps:
-      {{> setupGit checkout=(obj fetch-depth=0)}}
-      {{> setupNode}}
-      {{> setupDeps}}
+    {{> setupJob checkout=(obj fetch-depth=0)}}
       - name: Check commits or PR title
         env:
           PR_TITLE: $\{{ github.event.pull_request.title }}

diff --git a/lib/content/release-please.yml b/lib/content/release-please.yml
@@ -56,8 +56,7 @@ jobs:
 
   post-release:
     needs: release-please
-    if: needs.release-please.outputs.release
-    {{> setupJob }}
+    {{> setupJob jobIf="needs.release-please.outputs.release" }}
       - name: Post release actions
         env:
           GITHUB_TOKEN: $\{{ secrets.GITHUB_TOKEN }}

diff --git a/lib/content/release.yml b/lib/content/release.yml
@@ -10,11 +10,7 @@ on:
 
 jobs:
   lint-all:
-    runs-on: ubuntu-latest
-    steps:
-      {{> setupGit checkout=(obj ref="${{ inputs.ref }}")}}
-      {{> setupNode}}
-      {{> setupDeps}}
+    {{> setupJob checkout=(obj ref="${{ inputs.ref }}")}}
       - run: {{rootNpmPath}} run lint -ws -iwr --if-present
 
   test-all: