Skip to content

Commit

Permalink
[actions] don't run Amplify on PRs from forks
Browse files Browse the repository at this point in the history
GitHub does not mint OIDC tokens for externally sourced PRs so this
workflow can't successfully run. An alternative solution (like via an
approval comment?) should be identified and implemented eventually to
allow the workflow for previous contributors using their own forks.

This also updates the workflow to run on the develop branch.
  • Loading branch information
lae committed Dec 3, 2024
1 parent b9eda0d commit d217ed6
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/amplify.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ on:
pull_request: {}
workflow_dispatch: {}
push:
branches: ["main"]
branches: ["main", "develop"]

permissions:
contents: read
Expand All @@ -14,7 +14,7 @@ jobs:
amplify-security-scan:
name: Amplify Security Scan
runs-on: ubuntu-latest
if: (github.actor != 'dependabot[bot]')
if: github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]'
steps:
- name: Checkout
uses: actions/checkout@v4
Expand Down

0 comments on commit d217ed6

Please sign in to comment.