@@ -76,12 +76,29 @@ jobs:
7676 steps :
7777 - uses : actions/checkout@v4
7878
79+ - name : Gate external fork PRs
80+ id : gate
81+ shell : bash
82+ run : |
83+ if [ "${{ github.event_name }}" = "pull_request" ] && [ "${{ github.event.pull_request.head.repo.full_name }}" != "${{ github.repository }}" ]; then
84+ echo "enabled=false" >> "$GITHUB_OUTPUT"
85+ else
86+ echo "enabled=true" >> "$GITHUB_OUTPUT"
87+ fi
88+
89+ name : Skip integration for external fork PRs
90+ if : steps.gate.outputs.enabled != 'true'
91+ run : |
92+ echo "Skipping droplet integration for external fork pull requests (secrets are unavailable)."
93+
7994name : Generate ephemeral SSH key
95+ if : steps.gate.outputs.enabled == 'true'
8096 run : |
8197 mkdir -p ~/.ssh
8298 ssh-keygen -t ed25519 -f ~/.ssh/ci_key -N "" -q
8399
84100name : Create droplet
101+ if : steps.gate.outputs.enabled == 'true'
85102 id : droplet
86103 env :
87104 DO_API_TOKEN : ${{ secrets.DO_API_TOKEN }}
94111 echo "$output"
95112
96113name : Wait for SSH
114+ if : steps.gate.outputs.enabled == 'true'
97115 env :
98116 DO_API_TOKEN : ${{ secrets.DO_API_TOKEN }}
99117 run : |
@@ -102,6 +120,7 @@ jobs:
102120 ~/.ssh/ci_key
103121
104122name : Upload source
123+ if : steps.gate.outputs.enabled == 'true'
105124 run : |
106125 tar czf /tmp/baudbot-src.tar.gz \
107126 --exclude=node_modules --exclude=.git .
@@ -111,6 +130,7 @@ jobs:
111130 "root@${{ steps.droplet.outputs.DROPLET_IP }}:/tmp/baudbot-src.tar.gz"
112131
113132name : Setup and test
133+ if : steps.gate.outputs.enabled == 'true'
114134 run : |
115135 bash bin/ci/droplet.sh run \
116136 "${{ steps.droplet.outputs.DROPLET_IP }}" \
@@ -119,7 +139,7 @@ jobs:
119139 "CI_ANTHROPIC_API_KEY=${{ secrets.CI_ANTHROPIC_API_KEY }}"
120140
121141name : Cleanup
122- if : always()
142+ if : always() && steps.gate.outputs.enabled == 'true'
123143 env :
124144 DO_API_TOKEN : ${{ secrets.DO_API_TOKEN }}
125145 run : |
0 commit comments