Skip to content

fix(ci): add repository check to prevent workflows from running on forks#5391

Open
Wu-Jiayang wants to merge 9 commits into
google:mainfrom
Wu-Jiayang:fix/workflow-fork-protection
Open

fix(ci): add repository check to prevent workflows from running on forks#5391
Wu-Jiayang wants to merge 9 commits into
google:mainfrom
Wu-Jiayang:fix/workflow-fork-protection

Conversation

@Wu-Jiayang
Copy link
Copy Markdown

@Wu-Jiayang Wu-Jiayang commented Apr 19, 2026
edited
Loading

Summary

  • Add if: github.repository == 'google/adk-python' guard to 3 workflows that lack this protection: v2-sync, issue-monitor, and copybara-pr-handler
  • These workflows use secrets unavailable on forks (RELEASE_PAT, ADK_TRIAGE_AGENT, GOOGLE_API_KEY), causing daily failures on forks

Context

Other scheduled/repo-specific workflows (triage.yml, stale-bot.yml, upload-adk-docs-to-vertex-ai-search.yml) already have this guard. These 3 were missing it, causing errors on forks every day.

Testing Plan

  • Verified that the added condition matches the existing pattern used in triage.yml, stale-bot.yml, and upload-adk-docs-to-vertex-ai-search.yml
  • On forks, the job will be skipped (same behavior as the already-protected workflows)
  • On google/adk-python, the workflows will continue to run as before since the condition evaluates to true

@Wu-Jiayang
fix(ci): add repository check to prevent workflows from running on forks
94a6307 
Add if: github.repository == 'google/adk-python' guard to workflows
that lack this protection: v2-sync, issue-monitor, and copybara-pr-handler.
These workflows use secrets unavailable on forks, causing daily failures.
@adk-bot
Copy link
Copy Markdown
Collaborator

adk-bot commented Apr 19, 2026

Response from ADK Triaging Agent

Hello @Wu-Jiayang, thank you for creating this PR!

Could you please include a testing plan section in your PR to describe how you tested these changes?

This information will help reviewers to review your PR more efficiently. Thanks!

@adk-bot adk-bot added the tools [Component] This issue is related to tools label Apr 19, 2026
@Wu-Jiayang
Copy link
Copy Markdown
Author

Wu-Jiayang commented Apr 19, 2026

Hi @adk-bot, I've added a Testing Plan section to the PR description. Please take a look, thanks!

@rohityan rohityan self-assigned this Apr 20, 2026
@rohityan
Copy link
Copy Markdown
Collaborator

rohityan commented Apr 27, 2026

Hi @Wu-Jiayang , Thank you for your contribution! We appreciate you taking the time to submit this pull request. You could manually disable the workflows on your fork.

@rohityan rohityan added the request clarification [Status] The maintainer need clarification or more information from the author label Apr 27, 2026
@Wu-Jiayang
Copy link
Copy Markdown
Author

Wu-Jiayang commented Apr 28, 2026

I’ve already disabled it in my own fork, but I still think it should be handled via a PR for consistency, since the other workflows are checked as well. @rohityan

@rohityan rohityan added needs review [Status] The PR/issue is awaiting review from the maintainer and removed request clarification [Status] The maintainer need clarification or more information from the author labels May 8, 2026
@rohityan rohityan assigned Jacksunwei and unassigned Jacksunwei May 8, 2026
@rohityan rohityan requested a review from Jacksunwei May 8, 2026 23:28
@rohityan
Copy link
Copy Markdown
Collaborator

rohityan commented May 8, 2026

Hi @Jacksunwei , can you please review this. LGTM

Wu-Jiayang and others added 4 commits May 21, 2026 00:11
@Wu-Jiayang
Merge branch 'main' into fix/workflow-fork-protection
05eb0ed
@Wu-Jiayang
Merge branch 'main' into fix/workflow-fork-protection
3e08fa9
@Wu-Jiayang
Merge branch 'main' of https://github.com/Wu-Jiayang/adk-python into …
87e2985 
…fix/workflow-fork-protection
@Wu-Jiayang
fix(ci): Escape colon in release-update-adk-web workflow name
6601a67 
The unquoted colon in the workflow's `name` field made the YAML
unparseable: GitHub Actions rejected the file with "mapping values
are not allowed here" and produced a run with zero jobs, while
pre-commit's `check-yaml` hook failed with the same error on push.
Wrapping the value in double quotes lets both parsers accept the file.
@Wu-Jiayang
Copy link
Copy Markdown
Author

Wu-Jiayang commented Jun 8, 2026

@wyf7107 I found a bug from you and fixed it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Jacksunwei Jacksunwei Awaiting requested review from Jacksunwei

At least 1 approving review is required to merge this pull request.

Assignees

@rohityan rohityan

Labels

needs review [Status] The PR/issue is awaiting review from the maintainer tools [Component] This issue is related to tools

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Wu-Jiayang @adk-bot @rohityan @Jacksunwei