chore: disable workflows in forks #13083
Conversation
📝 Walkthrough""" WalkthroughConditional expressions were added to several GitHub Actions workflow job definitions across multiple workflow files. These conditions restrict the execution of specific jobs so that they only run when the repository is not a fork ( Assessment against linked issues
Assessment against linked issues: Out-of-scope changesNo out-of-scope changes were found. 📜 Recent review detailsConfiguration used: CodeRabbit UI 📒 Files selected for processing (6)
✅ Files skipped from review due to trivial changes (1)
🚧 Files skipped from review as they are similar to previous changes (5)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (12)
🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Hey @benoitf - I've reviewed your changes - here's some feedback:
- Instead of repeating
if: github.repository == 'podman-desktop/podman-desktop'on each job, consider using the built-ingithub.event.repository.forkflag (e.g.if: not github.event.repository.fork) to skip workflows in forks. - You could move the fork-check into a reusable workflow or a common template to avoid duplicating the condition across multiple workflow files.
- For improved readability and maintainability, you might use
if: github.repository_owner == 'podman-desktop'rather than the full repo string.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- Instead of repeating `if: github.repository == 'podman-desktop/podman-desktop'` on each job, consider using the built-in `github.event.repository.fork` flag (e.g. `if: not github.event.repository.fork`) to skip workflows in forks.
- You could move the fork-check into a reusable workflow or a common template to avoid duplicating the condition across multiple workflow files.
- For improved readability and maintainability, you might use `if: github.repository_owner == 'podman-desktop'` rather than the full repo string.Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (4)
.github/workflows/next-build.yaml (1)
38-40: Same fork-PR exposure as noted in argos.yamlThe
tagjob will still execute for PRs opened from forks and fail when secrets are missing.
Apply the improved conditional expression suggested forargos.yamlhere as well..github/workflows/codecov-next.yaml (1)
33-35: Condition needs the fork-head checkMirrors the issue already described for
argos.yaml; please update accordingly..github/workflows/website-next.yaml (1)
44-46: Deployment guard still triggers on fork PRsSame recommendation as in the first comment—ensure the job is skipped when the PR’s head repo is a fork.
.github/workflows/e2e-kubernetes-main.yaml (1)
56-58: Fork PRs will still hit this jobPlease apply the stricter condition proposed for
argos.yamlso E2E tests are not started without secrets.
🧹 Nitpick comments (1)
.github/workflows/e2e-main.yaml (1)
180-182: Same fork-guard duplicated – consider a small DRY improvementThe exact
if:clause is now repeated in multiple jobs (here and ine2e-tests,mac-update-e2e-test, and other workflows).
Although harmless, centralising the check via:• a reusable workflow called with
workflow_call, or
• a composite action that encapsulates the guard,would drop duplication and reduce future maintenance overhead.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (6)
.github/workflows/argos.yaml(1 hunks).github/workflows/codecov-next.yaml(1 hunks).github/workflows/e2e-kubernetes-main.yaml(1 hunks).github/workflows/e2e-main.yaml(3 hunks).github/workflows/next-build.yaml(1 hunks).github/workflows/website-next.yaml(1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (12)
- GitHub Check: smoke e2e tests (production)
- GitHub Check: unit tests / ubuntu-24.04
- GitHub Check: smoke e2e tests (development)
- GitHub Check: unit tests / macos-15
- GitHub Check: unit tests / windows-2022
- GitHub Check: Windows
- GitHub Check: macOS
- GitHub Check: Linux
- GitHub Check: linter, formatters
- GitHub Check: typecheck
- GitHub Check: build website
- GitHub Check: take screenshots
🔇 Additional comments (2)
.github/workflows/e2e-main.yaml (2)
68-70: Condition correctly prevents E2E job execution on forksThe
if: github.repository == 'podman-desktop/podman-desktop'guard is the right, lightweight way to stop this secret-dependent job from spawning in forks.
261-263: Condition mirrors previous jobs and looks goodThe fork guard is consistent with other jobs and should behave as intended.
fixes podman-desktop#13081 Signed-off-by: Florent Benoit <fbenoit@redhat.com>
|
I've updated the PR to use |
|
so it works well on forks (it's not launching jobs) will see if it's working well on the main repository 🤞 |
|
jobs are correctly executed in the main repository 🚀 |
What does this PR do?
avoid to spawn jobs in forks and skip them as we don't have access to secrets in forks
Screenshot / video of UI
What issues does this PR fix or reference?
fixes #13081
How to test this PR?