Run scheduled workflows only from the main repository

Hi folks,

I have a workflow that runs periodically, precompiles a project, and uploades an image to GCR. The upload step requires secrets for GCR credentials, which are only entered in the settings of the main repository.

How can I check the name of the current repository and not run the workflow at all on repositories under different names (e.g., forks or copies of the repo not recognized as forks), so that the workflow does not fail every time?

My idea was to check for GITHUB_REPOSITORY/github.repository mathing the name of the main repo in an if, but I cannot get the syntax right.

So far I tried:

  1. Adding if: ${GITHUB_REPOSITORY} == 'base/repo' at the workflow-level.
  2. Same as above, but with $GITHUB_REPOSITORY == 'base/repo', "$GITHUB_REPOSITORY" == 'base/repo', ${{ GITHUB_REPOSITORY }} == 'base/repo', and ${{ github.repository }} == 'base/repo'.
  3. Putting the same if but at each job step that can fail without secrets.
  4. Switching the order of if operands, i.e., 'base/repo' == ....

but non of these seem to give valid workflow files. What’s the correct way to handle this?


As mentioned in this ticket, currently we have no ways to call environment variables on job level, ideally the syntax ${{ env.VAR_NAME }} should work but just has not been implemented yet.
You try using the below syntax:

if: github.repository == 'base/repo'

This is using github context instead of environment variables.
When you use expressions in an if conditional, you do not need to use the expression syntax ( ${{ }} ) because GitHub automatically evaluates the if conditional as an expression.

1 Like