build: improve GHA workflow experience for forks #8285
nhumblot merged 2 commits into dependency-check:main from
Conversation
Signed-off-by: Chad Wilson <[email protected]>
Some of these won't work on forks due to missing secrets or use unnecessary compute. An alternative would be to run them if the secret is present, but that seems less explicit as to intent. Signed-off-by: Chad Wilson <[email protected]>
78ba821 to 835494c
```yaml
env:
  DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
  DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
```
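Review bot: this job-level `env` block hands DOCKER_USERNAME and DOCKER_TOKEN to every step of the job, while the comment below notes the secrets are not present on the PR workflow at all, so the variables are empty on forks and, upstream, are one more place a registry credential is exposed to steps that never need it. Removing the block, or scoping the two variables to the single step that actually logs in to a registry, keeps the job's secret exposure to what it uses.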
These are not present on the PR workflow, so appear to be unnecessary.
Pull request overview
This PR reduces GitHub Actions noise and failures on forked repositories by gating release/deploy/signing and maintenance automation to only run on the upstream dependency-check org, and by removing legacy Codacy references.
Changes:
- Gate release workflow execution to only run on the upstream org (`github.repository_owner == 'dependency-check'`).
- Prevent fork runs from attempting GPG import and Maven deploy/signing during snapshot builds.
- Disable scheduled maintenance jobs (thread locking, false-positive cleanup) on forks; remove Codacy badge and old Codacy coverage job stubs.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| README.md | Removes Codacy badge reference. |
| .github/workflows/release.yml | Skips release pipeline on forks by gating the build job to upstream org. |
| .github/workflows/lock.yml | Prevents scheduled/manual lock job from running on forks. |
| .github/workflows/false-positive-cleanup.yml | Prevents scheduled/manual cleanup job from running on forks. |
| .github/workflows/build.yml | Gates GPG import and conditionally enables Maven signing/deploy only when GPG install succeeded (upstream org). |
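The three gating patterns listed above (a job-level `if` for scheduled maintenance jobs, a step-level `if` for the GPG import, and a deploy step keyed on the import step's outcome) in one workflow. This is an added example, not any of dependency-check's own workflow files; the secret names `GPG_PRIVATE_KEY` and `GPG_PASSPHRASE`, the cron schedule, and the Maven flags are assumptions for illustration.

```yaml
# Added example, not dependency-check's own workflow. Secret names, schedule
# and Maven flags are assumed.
name: build

on:
  push:
    branches: [main]
  pull_request:
  schedule:
    - cron: "0 3 * * *"   # constructed schedule

jobs:
  # Pattern 1: skip the whole job on forks. github.repository_owner is the
  # account or org that owns the repository the run belongs to, so on a fork
  # it is the fork owner's name rather than 'dependency-check' and the job
  # is never scheduled there.
  false-positive-cleanup:
    if: github.repository_owner == 'dependency-check'
    runs-on: ubuntu-latest
    steps:
      - run: echo "scheduled maintenance task would run here"

  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '17'

      # Pattern 2: import the signing key only upstream. On a fork the secret
      # is empty, so an unconditional import would fail the build; gating the
      # step records its outcome as 'skipped' instead.
      - id: gpg
        name: Import GPG key
        if: github.repository_owner == 'dependency-check'
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}   # assumed secret name
        run: |
          printf '%s' "$GPG_PRIVATE_KEY" | gpg --batch --import

      # Build and test everywhere; no signing is needed for that.
      - name: Build
        run: mvn -B verify -Dgpg.skip=true

      # Pattern 3: steps.gpg.outcome is 'skipped' on forks and 'failure' if the
      # import broke, so signing and deploy run only when the key was actually
      # installed, and only for pushes to the upstream branch.
      - name: Sign and deploy snapshot
        if: github.event_name == 'push' && steps.gpg.outcome == 'success'
        env:
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}   # assumed secret name
        run: mvn -B deploy -DskipTests -Dgpg.passphrase="$GPG_PASSPHRASE"
```

Keying the deploy step on `steps.gpg.outcome` rather than repeating the owner check means a failed key import upstream also blocks deploy, which is the safer failure mode: an unsigned snapshot never leaves the runner.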
nhumblot left a comment
praise: Thank you for this proposal and the heads-up! I no longer use forks due to commit rights on the main repository and have lost touch with the process. This is unfortunate, as it’s important to have a smooth workflow for external contributors. I’ll consider making PRs from forks occasionally to experience the process from an external perspective.
Yeah, it's no big deal - just some noise notifications occasionally. The main PR workflow works fine when opened to one's own fork. 👍
Description of Change
Makes some minor tweaks to the workflows to remove noise for forks:
Without this I get failed build notifications every time I sync main from origin and occasionally for scheduled builds. I sometimes run workflows on my fork to be able to open dummy PRs to reduce noise for other maintainers before I open real PRs. I left CodeQL there/scheduled, and the ability to run with/play with FP workflows in some fashion.
Related issues
N/A
Have test cases been added to cover the new functionality?
N/A