From 14b8a999f3929975756ed6f9dc33c54977b5cedc Mon Sep 17 00:00:00 2001
From: Ivan Gabaldon <igabaldon@inetol.net>
Date: Sun, 25 May 2025 14:54:27 +0200
Subject: [PATCH] [mod] ci: exclude some workflows from forks (#4849)

Excludes some workflows/jobs unneeded on forks.

Closes https://github.com/searxng/searxng/issues/4847
---
 .github/workflows/cleanup.yml   |  2 ++
 .github/workflows/container.yml | 17 ++++++++++-------
 .github/workflows/security.yml  |  3 ++-
 3 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
index 85e22ce9d..d6af8feee 100644
--- a/.github/workflows/cleanup.yml
+++ b/.github/workflows/cleanup.yml
@@ -16,6 +16,8 @@ permissions:
 
 jobs:
   container-cache:
+    # FIXME: On forks it fails with "Failed to fetch packages: missing field `id` at line 1 column 141"
+    if: github.repository_owner == 'searxng' || github.event_name == 'workflow_dispatch'
     name: Container cache
     runs-on: ubuntu-24.04
     permissions:
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index ccdba770e..0285bcd5c 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -36,16 +36,19 @@ jobs:
       packages: write
 
     steps:
-      - name: Checkout
+      - if: github.repository_owner == 'searxng'
+        name: Checkout
         uses: actions/checkout@v4
         with:
           persist-credentials: "false"
 
-      - name: Get date
+      - if: github.repository_owner == 'searxng'
+        name: Get date
         id: date
         run: echo "date=$(date +'%Y%m%d')" >>$GITHUB_OUTPUT
 
-      - name: Check cache apko
+      - if: github.repository_owner == 'searxng'
+        name: Check cache apko
         id: cache-apko
         uses: actions/cache/restore@v4
         with:
@@ -54,7 +57,7 @@ jobs:
           path: "/tmp/.apko/"
           lookup-only: true
 
-      - if: steps.cache-apko.outputs.cache-hit != 'true'
+      - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
         name: Setup cache apko
         uses: actions/cache@v4
         with:
@@ -63,13 +66,13 @@ jobs:
           restore-keys: "apko-${{ steps.date.outputs.date }}-"
           path: "/tmp/.apko/"
 
-      - if: steps.cache-apko.outputs.cache-hit != 'true'
+      - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
         name: Setup apko
         run: |
           eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
           brew install apko
 
-      - if: steps.cache-apko.outputs.cache-hit != 'true'
+      - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
         name: Login to GHCR
         uses: docker/login-action@v3
         with:
@@ -77,7 +80,7 @@ jobs:
           username: "${{ github.repository_owner }}"
           password: "${{ secrets.GITHUB_TOKEN }}"
 
-      - if: steps.cache-apko.outputs.cache-hit != 'true'
+      - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
         name: Build
         run: |
           eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index e994306b8..73a5fd77f 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -16,6 +16,7 @@ permissions:
 
 jobs:
   container:
+    if: github.repository_owner == 'searxng'
     name: Container
     runs-on: ubuntu-24.04-arm
     permissions:
@@ -30,7 +31,7 @@ jobs:
       - name: Run Trivy scanner
         uses: aquasecurity/trivy-action@0.30.0
         with:
-          image-ref: "docker.io/searxng/searxng:latest"
+          image-ref: "ghcr.io/searxng/searxng:latest"
           vuln-type: "os,library"
           severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
           ignore-unfixed: "false"