From 94a6307714c27a8159e034f67dded9579798d2a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B4=E4=BD=B3=E6=9D=A8?= Date: Sun, 19 Apr 2026 17:57:34 +0800 Subject: [PATCH 1/2] fix(ci): add repository check to prevent workflows from running on forks Add if: github.repository == 'google/adk-python' guard to workflows that lack this protection: v2-sync, issue-monitor, and copybara-pr-handler. These workflows use secrets unavailable on forks, causing daily failures. --- .github/workflows/copybara-pr-handler.yml | 1 + .github/workflows/issue-monitor.yml | 1 + .github/workflows/v2-sync.yml | 1 + 3 files changed, 3 insertions(+) diff --git a/.github/workflows/copybara-pr-handler.yml b/.github/workflows/copybara-pr-handler.yml index 4ca3c48803..5d6fbfb384 100644 --- a/.github/workflows/copybara-pr-handler.yml +++ b/.github/workflows/copybara-pr-handler.yml @@ -17,6 +17,7 @@ on: jobs: close-imported-pr: + if: github.repository == 'google/adk-python' runs-on: ubuntu-latest permissions: pull-requests: write diff --git a/.github/workflows/issue-monitor.yml b/.github/workflows/issue-monitor.yml index e0dc82dcf7..3829e69436 100644 --- a/.github/workflows/issue-monitor.yml +++ b/.github/workflows/issue-monitor.yml @@ -30,6 +30,7 @@ on: jobs: sweep-spam: + if: github.repository == 'google/adk-python' runs-on: ubuntu-latest timeout-minutes: 120 permissions: diff --git a/.github/workflows/v2-sync.yml b/.github/workflows/v2-sync.yml index c627f40d46..a14e090dd2 100644 --- a/.github/workflows/v2-sync.yml +++ b/.github/workflows/v2-sync.yml @@ -13,6 +13,7 @@ permissions: jobs: sync: + if: github.repository == 'google/adk-python' runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 From 6601a67cd1b74b2d50820edd7944b4ab1d080466 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B4=E4=BD=B3=E6=9D=A8?= Date: Mon, 8 Jun 2026 18:58:52 +0800 Subject: [PATCH 2/2] fix(ci): Escape colon in release-update-adk-web workflow name The unquoted colon in the workflow's `name` field made the YAML unparseable: GitHub Actions rejected the file with "mapping values are not allowed here" and produced a run with zero jobs, while pre-commit's `check-yaml` hook failed with the same error on push. Wrapping the value in double quotes lets both parsers accept the file. --- .github/workflows/release-update-adk-web.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-update-adk-web.yaml b/.github/workflows/release-update-adk-web.yaml index e99f464c95..6b123d0400 100644 --- a/.github/workflows/release-update-adk-web.yaml +++ b/.github/workflows/release-update-adk-web.yaml @@ -1,4 +1,4 @@ -name: Release: Update ADk Web +name: "Release: Update ADk Web" on: workflow_dispatch: