ci: don't run membrowse workflows on forks#10566
Merged
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the Membrowse GitHub Actions workflows to avoid running (and reporting to the Membrowse backend) when triggered from forks, aligning with existing fork-guard patterns used in other CI workflows in this repo.
Changes:
- Add a fork guard (
if: github.repository_owner == 'wolfssl') to the scheduled Membrowse report workflow jobs. - Add the same fork guard to the workflow-dispatch Membrowse onboarding workflow jobs.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| .github/workflows/membrowse-report.yml | Adds a job-level fork guard to prevent scheduled/adhoc Membrowse reporting from running on forks. |
| .github/workflows/membrowse-onboard.yml | Adds a job-level fork guard to prevent onboarding workflow dispatch from running on forks. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Forks with Actions enabled would otherwise run the membrowse build matrix on push/workflow_dispatch and report fork builds to the membrowse backend. Guard the jobs in both workflows with github.repository_owner == 'wolfssl' (combined with the existing draft check in the report workflow), matching tls-anvil.yml and coverity-scan-fixes.yml. Also default the analyze/onboard matrix to '[]' so strategy expansion does not error when load-targets is skipped on forks or draft PRs.
julek-wolfssl
force-pushed
the
membrowse-fork-guard
branch
from
49c55f4 to
2703458
Compare
|
Member
|
Jenkins retest this please: "PRB-fips-repo-and-harness-test-v3-part2 completed: FAILURE" |
dgarske
approved these changes
Jun 1, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The membrowse report job runs on a nightly schedule and would also fire on any fork with Actions enabled, burning fork CI minutes and reporting fork builds to the membrowse backend. Likewise the onboard workflow can be dispatched on a fork.
Guard the jobs in both workflows with
if: github.repository_owner == 'wolfssl', matching the existing fork guard intls-anvil.ymlandcoverity-scan-fixes.yml. The schedule is left unchanged.