Cutlery/searxng
1
0
Fork 0
mirror of https://github.com/searxng/searxng.git synced 2025-07-08 18:54:37 -04:00
Code Issues Packages Projects Releases Wiki Activity

[mod] ci: exclude some workflows from forks (#4849)

Browse Source 
Excludes some workflows/jobs unneeded on forks.

Closes https://github.com/searxng/searxng/issues/4847
This commit is contained in:
Ivan Gabaldon 2025-05-25 14:54:27 +02:00 committed by GitHub
parent 848c8d0544
commit 14b8a999f3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/cleanup.yml vendored
View File

@ -16,6 +16,8 @@ permissions:
jobs: jobs:
container-cache: container-cache:
# FIXME: On forks it fails with "Failed to fetch packages: missing field `id` at line 1 column 141"
if: github.repository_owner == 'searxng' || github.event_name == 'workflow_dispatch'
name: Container cache name: Container cache
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
permissions: permissions:

17
.github/workflows/container.yml vendored
View File

@ -36,16 +36,19 @@ jobs:
packages: write packages: write
steps: steps:
- name: Checkout - if: github.repository_owner == 'searxng'
name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
persist-credentials: "false" persist-credentials: "false"
- name: Get date - if: github.repository_owner == 'searxng'
name: Get date
id: date id: date
run: echo "date=$(date +'%Y%m%d')" >>$GITHUB_OUTPUT run: echo "date=$(date +'%Y%m%d')" >>$GITHUB_OUTPUT
- name: Check cache apko - if: github.repository_owner == 'searxng'
name: Check cache apko
id: cache-apko id: cache-apko
uses: actions/cache/restore@v4 uses: actions/cache/restore@v4
with: with:
@ -54,7 +57,7 @@ jobs:
path: "/tmp/.apko/" path: "/tmp/.apko/"
lookup-only: true lookup-only: true
- if: steps.cache-apko.outputs.cache-hit != 'true' - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
name: Setup cache apko name: Setup cache apko
uses: actions/cache@v4 uses: actions/cache@v4
with: with:
@ -63,13 +66,13 @@ jobs:
restore-keys: "apko-${{ steps.date.outputs.date }}-" restore-keys: "apko-${{ steps.date.outputs.date }}-"
path: "/tmp/.apko/" path: "/tmp/.apko/"
- if: steps.cache-apko.outputs.cache-hit != 'true' - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
name: Setup apko name: Setup apko
run: | run: |
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
brew install apko brew install apko
- if: steps.cache-apko.outputs.cache-hit != 'true' - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
name: Login to GHCR name: Login to GHCR
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
@ -77,7 +80,7 @@ jobs:
username: "${{ github.repository_owner }}" username: "${{ github.repository_owner }}"
password: "${{ secrets.GITHUB_TOKEN }}" password: "${{ secrets.GITHUB_TOKEN }}"
- if: steps.cache-apko.outputs.cache-hit != 'true' - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
name: Build name: Build
run: | run: |
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"

3
.github/workflows/security.yml vendored
View File

@ -16,6 +16,7 @@ permissions:
jobs: jobs:
container: container:
if: github.repository_owner == 'searxng'
name: Container name: Container
runs-on: ubuntu-24.04-arm runs-on: ubuntu-24.04-arm
permissions: permissions:
@ -30,7 +31,7 @@ jobs:
- name: Run Trivy scanner - name: Run Trivy scanner
uses: aquasecurity/trivy-action@0.30.0 uses: aquasecurity/trivy-action@0.30.0
with: with:
image-ref: "docker.io/searxng/searxng:latest" image-ref: "ghcr.io/searxng/searxng:latest"
vuln-type: "os,library" vuln-type: "os,library"
severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL" severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
ignore-unfixed: "false" ignore-unfixed: "false"