blob: f1dd9b55168f390047e11fe8202a76f73430398e [file] [log] [blame]
name: Forked PR workflow check
# This workflow prevents modifications to our workflow files in PRs from forked
# repositories. Since tests in these PRs always use the workflows in the
# *target* branch, modifications to these files can't be properly tested.
on:
# safe presubmit
pull_request:
branches:
- main
- '[0-9]+.x'
# The 21.x branch still uses Kokoro
- '!21.x'
# For testing purposes so we can stage this on the `gha` branch.
- gha
paths:
- '.github/workflows/**'
jobs:
check:
name: Check PR source
runs-on: ubuntu-latest
steps:
- run: >
${{ github.event.pull_request.head.repo.full_name == 'protocolbuffers/protobuf' }} ||
(echo "This pull request is from an unsafe fork (${{ github.event.pull_request.head.repo.full_name }}) and isn't allowed to modify workflow files!" && exit 1)