Skip to content

Comments

fix(ci): skip publish job on fork PRs to prevent permission failures#359

Merged
zemaj merged 2 commits intomainfrom
fix/preview-build-fork-publish
Oct 28, 2025
Merged

fix(ci): skip publish job on fork PRs to prevent permission failures#359
zemaj merged 2 commits intomainfrom
fix/preview-build-fork-publish

Conversation

@zemaj
Copy link

@zemaj zemaj commented Oct 28, 2025

Summary

This PR fixes the CI failure in the preview-build workflow when triggered by pull requests from forks. The release and comment jobs were attempting to publish prereleases and post comments for all PRs, including those from forked repositories. Fork PRs don't have write access to create releases in the main repository, causing these jobs to fail.

Changes

  • Added a condition to the release job to only run for PRs from the main repository (not forks)
  • Added the same condition to the comment job (which depends on release)
  • The condition checks: github.event.pull_request.head.repo.full_name == github.repository
  • Build and test jobs will still run for all PRs (including forks) to validate the code
  • Publishing and commenting are now limited to trusted contexts (same-repo PRs)

Affected Files

  • .github/workflows/preview-build.yml

Testing

The change can be validated by:

  1. Observing that fork PRs will run the build job but skip release and comment jobs
  2. Same-repo PRs will continue to run all jobs as before
  3. The workflow YAML syntax has been validated with actionlint

Fixes

🤖 Generated with Claude Code

zemaj and others added 2 commits October 28, 2025 13:47
@zemaj
docs: remove temporary issue report files
7f99542
@zemaj @claude
fix(ci): skip publish job on fork PRs to prevent permission failures
a182d19 
The preview-build workflow was attempting to publish prereleases for all
PRs, including those from forks. Fork PRs don't have write access to
create releases, causing the publish job to fail.

This change adds a condition to only run the release and comment jobs for
PRs originating from the main repository (not forks) by checking:
  github.event.pull_request.head.repo.full_name == github.repository

The build job will still run for all PRs (including forks) to validate
the code, but publishing is now limited to trusted contexts.

Fixes: #355
Fixes: #356

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@zemaj zemaj mentioned this pull request Oct 28, 2025
Closed
@zemaj
Copy link
Author

zemaj commented Oct 28, 2025

Appreciate the workflow patch—could we merge this along with #356? It keeps the publish job off fork PRs so they don’t fail while still letting maintainers trigger it manually. Together with the toolchain update in #356 this should stop preview builds from redlining external PRs.

@zemaj zemaj merged commit c6e1f1b into main Oct 28, 2025
4 of 7 checks passed
This was referenced Oct 28, 2025
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@zemaj