diff --git a/.github/workflows/assign.yml b/.github/workflows/assign.yml index 3ed6bf4fbab..ac24417653f 100644 --- a/.github/workflows/assign.yml +++ b/.github/workflows/assign.yml @@ -7,7 +7,10 @@ on: jobs: assign: # Only run on issue comments (not PR comments) - if: "!github.event.issue.pull_request && contains(github.event.comment.body, '/assign')" + if: | + !github.event.issue.pull_request && + contains(github.event.comment.body, '/assign') && + github.repository == 'podman-container-tools/podman' runs-on: ubuntu-latest permissions: issues: write diff --git a/.github/workflows/cherry-pick.yml b/.github/workflows/cherry-pick.yml index 0ca64a883cc..e29ec04b0ae 100644 --- a/.github/workflows/cherry-pick.yml +++ b/.github/workflows/cherry-pick.yml @@ -11,7 +11,8 @@ jobs: if: | github.event_name == 'issue_comment' && github.event.issue.pull_request && - contains(github.event.comment.body, '/cherry-pick ') + contains(github.event.comment.body, '/cherry-pick ') && + github.repository == 'podman-container-tools/podman' runs-on: ubuntu-latest permissions: contents: write @@ -194,7 +195,8 @@ jobs: cherry-pick-on-merge: if: | github.event_name == 'pull_request' && - github.event.pull_request.merged == true + github.event.pull_request.merged == true && + github.repository == 'podman-container-tools/podman' runs-on: ubuntu-latest permissions: contents: write diff --git a/.github/workflows/dev-bump.yml b/.github/workflows/dev-bump.yml index 7fa25c62dec..89967809d0a 100644 --- a/.github/workflows/dev-bump.yml +++ b/.github/workflows/dev-bump.yml @@ -8,6 +8,7 @@ permissions: {} jobs: bump: + if: github.repository == 'podman-container-tools/podman' name: Bump to -dev runs-on: ubuntu-latest permissions: diff --git a/.github/workflows/first_contrib_cert_generator.yml b/.github/workflows/first_contrib_cert_generator.yml index c39d1fc2b85..a22ee4420b4 100644 --- a/.github/workflows/first_contrib_cert_generator.yml +++ b/.github/workflows/first_contrib_cert_generator.yml 
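Review bot: The slug `podman-container-tools/podman` is written out as a string literal in this condition and in every other guarded job in this diff (cherry-pick, dev-bump, release, stale and the rest), so a rename or transfer of the repository would make all of those jobs skip without any error. A skipped job does not fail the run, so a release or lock job that has quietly stopped would be easy to miss. The comment above this `if:` also still describes only the issue-versus-PR test; I would extend it to `# Only run on issue comments (not PR comments), and only in the upstream repository`. The guard presumably exists to keep these jobs out of forks, and saying so once per workflow file would spare the next maintainer from guessing.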
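Review bot: The first cherry-pick condition still accepts a `/cherry-pick ` comment from any account that can comment on the pull request, while the job it gates is granted `contents: write`; the added repository test narrows where the job runs, not who may start it. The job body lies outside this hunk, so an authorization step may already exist further down, which is worth confirming. If it does not, a check on the commenter could sit in the same expression, for example `contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association) &&`. The second hunk (`cherry-pick-on-merge`) is triggered by a merge rather than by a comment, so this applies to the first condition only.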
@@ -22,7 +22,12 @@ jobs: screenshot_and_comment: # This job runs if the PR was merged or if it's a manual trigger. # The logic for first-time contributors is handled in a dedicated step below. - if: ${{ github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true }} + if: | + ( + github.event_name == 'workflow_dispatch' || + github.event.pull_request.merged == true + ) && + github.repository == 'podman-container-tools/podman' runs-on: ubuntu-latest permissions: contents: read # Write access for certificate storage diff --git a/.github/workflows/issue-labeler.yml b/.github/workflows/issue-labeler.yml index 12f2a59576a..895527e863e 100644 --- a/.github/workflows/issue-labeler.yml +++ b/.github/workflows/issue-labeler.yml @@ -8,6 +8,7 @@ permissions: jobs: triage: + if: github.repository == 'podman-container-tools/podman' permissions: contents: read # for github/issue-labeler to get repo contents issues: write # for github/issue-labeler to create or remove labels diff --git a/.github/workflows/issue_pr_lock.yml b/.github/workflows/issue_pr_lock.yml index 303eb48a07e..b379bd8339d 100644 --- a/.github/workflows/issue_pr_lock.yml +++ b/.github/workflows/issue_pr_lock.yml @@ -45,6 +45,7 @@ env: jobs: manage_locking: + if: github.repository == 'podman-container-tools/podman' runs-on: ubuntu-latest permissions: issues: write diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 8d3f141f303..22d7cba6273 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -7,6 +7,7 @@ permissions: {} jobs: triage: + if: github.repository == 'podman-container-tools/podman' permissions: contents: read pull-requests: write diff --git a/.github/workflows/machine-os-pr.yml b/.github/workflows/machine-os-pr.yml index ee389e736ff..d8767a455d7 100644 --- a/.github/workflows/machine-os-pr.yml +++ b/.github/workflows/machine-os-pr.yml 
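Review bot: The two-line comment above this condition still says the job runs on a merged PR or a manual trigger, but with the added test a `workflow_dispatch` run in a fork is skipped as well, so the manual path now works only upstream. If that is intended, the comment should say so, e.g. `# Runs upstream only: when a PR is merged or on a manual trigger.` Separately, the context line `contents: read # Write access for certificate storage` pairs a read grant with a comment describing write access; one of the two is stale and should be corrected so the job's privileges can be checked at a glance. Dropping the `${{ }}` wrapper for the multi-line form is the right call, since a wrapped expression followed by the block scalar's trailing newline would evaluate as a non-empty string.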
@@ -14,6 +14,7 @@ concurrency: jobs: podman-image-build-pr: + if: github.repository == 'podman-container-tools/podman' name: Open PR on podman-machine-os runs-on: ubuntu-latest permissions: diff --git a/.github/workflows/needs-info-labeler.yaml b/.github/workflows/needs-info-labeler.yaml index aa048b27f50..da4236686bd 100644 --- a/.github/workflows/needs-info-labeler.yaml +++ b/.github/workflows/needs-info-labeler.yaml @@ -8,7 +8,9 @@ permissions: {} jobs: add-comment: - if: github.event.label.name == 'needs-info' + if: | + github.event.label.name == 'needs-info' && + github.repository == 'podman-container-tools/podman' runs-on: ubuntu-latest permissions: issues: write diff --git a/.github/workflows/release-pipeline-validation.yml b/.github/workflows/release-pipeline-validation.yml index 7a1b9e22601..19553d4642c 100644 --- a/.github/workflows/release-pipeline-validation.yml +++ b/.github/workflows/release-pipeline-validation.yml @@ -17,7 +17,9 @@ jobs: get-latest-release: name: Get branch for latest release runs-on: ubuntu-latest - if: github.event_name == 'schedule' + if: | + github.event_name == 'schedule' && + github.repository == 'podman-container-tools/podman' outputs: release_ref: ${{ steps.set.outputs.release_ref }} steps: @@ -44,7 +46,9 @@ jobs: build-artifacts-main: name: Build Artifacts (main) uses: ./.github/workflows/build-artifacts.yml - if: github.event_name == 'schedule' + if: | + github.event_name == 'schedule' && + github.repository == 'podman-container-tools/podman' with: version: 'main' secrets: @@ -89,7 +93,9 @@ jobs: build-artifacts-single: name: Build Artifacts uses: ./.github/workflows/build-artifacts.yml - if: github.event_name == 'workflow_dispatch' + if: | + github.event_name == 'workflow_dispatch' && + github.repository == 'podman-container-tools/podman' with: version: ${{ inputs.ref }} secrets: 
@@ -110,6 +116,7 @@ jobs: validate-tokens: name: Validate GitHub tokens + if: github.repository == 'podman-container-tools/podman' runs-on: ubuntu-latest steps: - name: Validate PODMANBOT_TOKEN diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 20a6d7a42b3..ea6df03e12a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,6 +21,7 @@ permissions: jobs: check: + if: github.repository == 'podman-container-tools/podman' name: Check runs-on: ubuntu-latest steps: diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index c2973929417..2a92526acd3 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -12,7 +12,7 @@ permissions: jobs: stale: - + if: github.repository == 'podman-container-tools/podman' permissions: issues: write # for actions/stale to close stale issues pull-requests: write # for actions/stale to close stale PRs diff --git a/.github/workflows/update-podmanio.yml b/.github/workflows/update-podmanio.yml index a93fb86fcb0..4034fa89682 100644 --- a/.github/workflows/update-podmanio.yml +++ b/.github/workflows/update-podmanio.yml @@ -22,6 +22,7 @@ permissions: {} jobs: bump: + if: github.repository == 'podman-container-tools/podman' name: Bump runs-on: ubuntu-24.04 permissions:
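Review bot: In release.yml the repository test is added to `check` only, and the rest of the job list is outside this hunk, so it cannot be seen whether the later release jobs are covered. A job is skipped along with `check` only if it lists it under `needs` and does not override the default with a status function such as `always()`; any other job still runs in a fork. I would confirm that every job holding write permissions or secrets either depends on `check` or carries its own `if: github.repository == 'podman-container-tools/podman'`. The same question applies to release-pipeline-validation.yml, where four jobs are guarded in this diff and the remaining ones are not visible.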