diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c1c38eb..ce64e2f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -7,6 +7,10 @@ on: jobs: lint: runs-on: [self-hosted, Linux, X64] + # Do not run untrusted fork PR code on the self-hosted runner. + if: >- + github.event_name != 'pull_request' || + github.event.pull_request.head.repo.full_name == github.repository steps: - uses: actions/checkout@v6 - uses: GeiserX/awesome-lint-extra@v1.1.0 @@ -16,6 +20,10 @@ jobs: check_alphabetical: 'true' links: runs-on: [self-hosted, Linux, X64] + # Do not run untrusted fork PR code on the self-hosted runner. + if: >- + github.event_name != 'pull_request' || + github.event.pull_request.head.repo.full_name == github.repository continue-on-error: true steps: - uses: actions/checkout@v6