don't run actions on pull request from fork

In our action we’re using secrets which, according to my understanding, are not passed down to forks due to security reasons. So every run of actions on a fork always fails. I’d still like to run actions on pull requests from the same repo, though. Is it possible to make this distinction in the actions setup?

Hi @wkotlarski ,

For pull request event,  secrets are not shared between base repo and fork repo, workflow will be triggered on base repo.

You can set ‘if’ expression on job level to check the github.actor, if the actor is NOT the repo owner, it will skip the job then. Code sample as below:

jobs:
  prcheck:
    if: github.actor == 'repo-owner'
    runs-on: [ubuntu-latest]
    steps:
      - name: echo actor
        run: |
          echo ${{github.actor}}

Or you can change the base repo to private, it will prevent pull request from fork repo.

Thanks.

3 Likes

I can’t get this to work. Is this still the best way?

Also will this only work when working as the repo owner, whereas mainteners of that repo might have ability to create braches in the original repo, but not be the repo owner. How can we test if a pull request is from a fork, or from the same repo being merged into?

figured out another way, [as discussed here](http://%20 if: github.event.pull_request.head.repo.full_name == github.repository):

if: github.event.pull_request.head.repo.full_name == github.repository
1 Like