From d7024896e0617b32f96703ea0616a5cd3bcefe3e Mon Sep 17 00:00:00 2001
From: John Kristensen <john@jerrykan.com>
Date: Wed, 22 Jan 2025 04:32:27 +1100
Subject: [PATCH] Only push images from bitnami/minideb repository (#147)

Make it so that only builds triggered by the `bitnami/minideb`
repository will attempt to push images (because it is the only
repository that has access to the required secrets). This will prevent
builds in forked repositories that don't have access to the secrets from
failing.

Signed-off-by: John Kristensen <john@jerrykan.com>
---
 .github/workflows/main.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 5f8f0d41..571e8efc 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -56,7 +56,7 @@ jobs:
           platform: "${{ matrix.arch }}"
           is_latest: ${{ matrix.dist == env.LATEST }}
       - name: Push
-        if: github.ref == 'refs/heads/master'
+        if: github.repository == 'bitnami/minideb' && github.ref == 'refs/heads/master'
         env:
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
@@ -71,7 +71,7 @@ jobs:
   deploy_manifests:
     runs-on: ubuntu-22.04
     needs: [ build_multiarch ]
-    if: github.ref == 'refs/heads/master'
+    if: github.repository == 'bitnami/minideb' && github.ref == 'refs/heads/master'
     env:
       DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
       DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
@@ -89,7 +89,7 @@ jobs:
     needs:
       - build_multiarch
       - deploy_manifests
-    if: always()
+    if: github.repository == 'bitnami/minideb'
     name: Notify unsuccessful CI run
     steps:
       - name: Notify in Slack channel