diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 99977eb..9197394 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,7 +6,7 @@ on: - master tags: - '[0-9]+\.[0-9]+\.[0-9]+' - pull_request: + pull_request_target: # forks don't have access to secrets if we use `pull_request`, which is required for codecov branches: - master @@ -39,6 +39,10 @@ jobs: build-test: name: Build and Test runs-on: macos-14 + if: | + github.event_name == 'push' || + !github.event.pull_request.head.repo.fork || + (github.event.pull_request.head.repo.fork && contains(github.event.pull_request.labels.*.name, 'run ci')) env: WORKSPACE: Alicerce.xcworkspace SCHEME: Alicerce @@ -133,6 +137,10 @@ jobs: swiftpm: name: SwiftPM Build runs-on: macos-14 + if: | + github.event_name == 'push' || + !github.event.pull_request.head.repo.fork || + (github.event.pull_request.head.repo.fork && contains(github.event.pull_request.labels.*.name, 'run ci')) env: WORKSPACE: Alicerce.xcworkspace SCHEME: "Alicerce (SPM)" @@ -203,6 +211,10 @@ jobs: cocoapods: name: CocoaPods Verification runs-on: macos-14 + if: | + github.event_name == 'push' || + !github.event.pull_request.head.repo.fork || + (github.event.pull_request.head.repo.fork && contains(github.event.pull_request.labels.*.name, 'run ci')) steps: - name: git checkout uses: actions/checkout@v3 @@ -232,6 +244,10 @@ jobs: carthage: name: Carthage Verification runs-on: macos-14 + if: | + github.event_name == 'push' || + !github.event.pull_request.head.repo.fork || + (github.event.pull_request.head.repo.fork && contains(github.event.pull_request.labels.*.name, 'run ci')) env: # Use Xcode 15.3 (latest) for Carthage to avoid iOS device/simulator version mismatches DEVELOPER_DIR: "/Applications/Xcode_15.3.app/Contents/Developer"