I have an action I’m working on that can be used to build a package. One of the options for the package build process is to include some build metadata in the resulting binary package that can be useful for debugging and to detect if any of the sources have known security vulnerabilities.
For Open Source projects, there is pretty much no downside to turning this on. For proprietary projects, it could leak information about the source that the developer might prefer to keep secret.
My action has an input that controls this option, and I’d like the default be an “automatic” heuristic: turn on the metadata for public repositories and turn it off for private repositories. My only problem is that I’m not sure how to determine this from the information provided by the Github Actions runner. Would anyone be able to point me in the right direction?