Distinguish between forked PR and own PR

I want to setup a workflow that only runs on PR’s (so that my PR’s are triggered and also PR’s from people who forked my repository).

The workflow does:

  1. Build docker image
  2. Test docker image
  3. Pushes docker image to dockerhub

I want to make sure, that step **3.** only happens on the PR’s I create myself, but never on PR’s that come from forks.

Is there a way to figure out (e.g.: via env or similar) if the current job runs on a PR that was initially forked or from my own repository?

Yea, you won’t be able to use secrets in Actions run from forks. So if you use secrets to publish this image, it won’t succeed for forks anyway.

I want to explicitly NOT run any steps that require secrets on forked PR’s via some kind of condition.
Everything that comes from myself should allow this step to run.

steps:
  - name: Publish image (only repo owner)
    if: github.event.repository.owner.id == github.event.pull_request.user.id

You can try something like this.

Reference: https://developer.github.com/v3/activity/events/types/#pullrequestevent

I tried exactly this, but it doesn’t work.

I’ve defined it here as suggested:

https://github.com/cytopia/docker-ansible/blob/release-0.16-1/.github/workflows/linting.yml#L39

Then I’ve created a pull request from a forker account to verify this. The build step runs regardless:
https://github.com/cytopia/docker-ansible/pull/33/checks?check_run_id=277956369#step:4:1

And 

if: github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id

I misunderstood you a bit, try this one.

2 Likes

Thanks, this works as expected