diff --git a/.github/workflows/actions-lint.yml b/.github/workflows/actions-lint.yml index 1e987808a..ae0eca96e 100644 --- a/.github/workflows/actions-lint.yml +++ b/.github/workflows/actions-lint.yml @@ -13,7 +13,15 @@ jobs: name: GitHub actions runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Check out pull request code + uses: actions/checkout@v4 + if: github.event_name == 'pull_request' + with: + repository: ${{ github.event.pull_request.head.repo.full_name }} + + - name: Check out repository code + uses: actions/checkout@v4 + if: github.event_name == 'push' - uses: docker://rhysd/actionlint:latest with: diff --git a/.github/workflows/automated-end-to-end-api.yaml b/.github/workflows/automated-end-to-end-api.yaml index 333c81341..f878fb175 100644 --- a/.github/workflows/automated-end-to-end-api.yaml +++ b/.github/workflows/automated-end-to-end-api.yaml @@ -18,8 +18,15 @@ jobs: with: concurrent_skipping: 'same_content_newer' - - name: Checkout repository + - name: Check out pull request code uses: actions/checkout@v4 + if: github.event_name == 'pull_request' + with: + repository: ${{ github.event.pull_request.head.repo.full_name }} + + - name: Check out repository code + uses: actions/checkout@v4 + if: github.event_name == 'push' - name: Get changed files id: changed-files-yaml diff --git a/.github/workflows/browser-testing.yml b/.github/workflows/browser-testing.yml index fb9ed2f1f..6a43c3549 100644 --- a/.github/workflows/browser-testing.yml +++ b/.github/workflows/browser-testing.yml @@ -19,8 +19,15 @@ jobs: with: concurrent_skipping: 'same_content_newer' - - name: Checkout + - name: Check out pull request code uses: actions/checkout@v4 + if: github.event_name == 'pull_request' + with: + repository: ${{ github.event.pull_request.head.repo.full_name }} + + - name: Check out repository code + uses: actions/checkout@v4 + if: github.event_name == 'push' - uses: actions/setup-node@v4 with: diff --git a/.github/workflows/build-storybook.yml b/.github/workflows/build-storybook.yml index ca6c2f358..96dfdac9d 100644 --- a/.github/workflows/build-storybook.yml +++ b/.github/workflows/build-storybook.yml @@ -11,8 +11,15 @@ jobs: if: github.repository == 'owncast/owncast' steps: - - name: Checkout + - name: Check out pull request code uses: actions/checkout@v4 + if: github.event_name == 'pull_request' + with: + repository: ${{ github.event.pull_request.head.repo.full_name }} + + - name: Check out repository code + uses: actions/checkout@v4 + if: github.event_name == 'push' - name: Cache node modules uses: actions/cache@v4 diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml index 82ab098ee..ba2d2b92b 100644 --- a/.github/workflows/chromatic.yml +++ b/.github/workflows/chromatic.yml @@ -28,13 +28,15 @@ jobs: with: concurrent_skipping: 'same_content_newer' - - name: Check out code + - name: Check out pull request code uses: actions/checkout@v4 + if: github.event_name == 'pull_request' with: - # Make sure the actual branch is checked out when running on pull requests - ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} - fetch-depth: 0 + + - name: Check out repository code + uses: actions/checkout@v4 + if: github.event_name == 'push' - name: Get changed files id: changed-files-yaml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 8392c1938..d8607b68e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -36,8 +36,15 @@ jobs: # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed steps: - - name: Checkout repository + - name: Check out pull request code uses: actions/checkout@v4 + if: github.event_name == 'pull_request' + with: + repository: ${{ github.event.pull_request.head.repo.full_name }} + + - name: Check out repository code + uses: actions/checkout@v4 + if: github.event_name == 'push' - uses: actions/setup-go@v5 with: diff --git a/.github/workflows/container-lint.yml b/.github/workflows/container-lint.yml index 3d0319c53..88c765e05 100644 --- a/.github/workflows/container-lint.yml +++ b/.github/workflows/container-lint.yml @@ -19,7 +19,15 @@ jobs: container: image: aquasec/trivy steps: - - uses: actions/checkout@v4 + - name: Check out pull request code + uses: actions/checkout@v4 + if: github.event_name == 'pull_request' + with: + repository: ${{ github.event.pull_request.head.repo.full_name }} + + - name: Check out repository code + uses: actions/checkout@v4 + if: github.event_name == 'push' - name: Check critical issues run: trivy config --exit-code 1 --severity "HIGH,CRITICAL" ./Dockerfile diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index 7993e1db3..14c9e6a22 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -37,10 +37,15 @@ jobs: image: tonistiigi/binfmt:latest platforms: all - - name: Checkout repo + - name: Check out pull request code uses: actions/checkout@v4 + if: github.event_name == 'pull_request' with: - fetch-depth: 0 + repository: ${{ github.event.pull_request.head.repo.full_name }} + + - name: Check out repository code + uses: actions/checkout@v4 + if: github.event_name == 'push' - name: Build and push if: ${{ github.event_name == 'schedule' && env.GH_CR_PAT != null }} diff --git a/.github/workflows/css-lint.yaml b/.github/workflows/css-lint.yaml index 326253562..7694adea8 100644 --- a/.github/workflows/css-lint.yaml +++ b/.github/workflows/css-lint.yaml @@ -16,8 +16,15 @@ jobs: working-directory: ./web steps: - - name: Checkout repository + - name: Check out pull request code uses: actions/checkout@v4 + if: github.event_name == 'pull_request' + with: + repository: ${{ github.event.pull_request.head.repo.full_name }} + + - name: Check out repository code + uses: actions/checkout@v4 + if: github.event_name == 'push' - name: Get changed files id: changed-files-yaml diff --git a/.github/workflows/generate-api-documentation.yaml b/.github/workflows/generate-api-documentation.yaml index 96351dd68..d402f69ef 100644 --- a/.github/workflows/generate-api-documentation.yaml +++ b/.github/workflows/generate-api-documentation.yaml @@ -9,8 +9,15 @@ jobs: name: Generate API Documentation runs-on: ubuntu-latest steps: - - name: Checkout repo + - name: Check out pull request code uses: actions/checkout@v4 + if: github.event_name == 'pull_request' + with: + repository: ${{ github.event.pull_request.head.repo.full_name }} + + - name: Check out repository code + uses: actions/checkout@v4 + if: github.event_name == 'push' - name: Run redoc on openapi.yaml run: | diff --git a/.github/workflows/hls-tests.yml b/.github/workflows/hls-tests.yml index d5d35ed49..6200ad2d7 100644 --- a/.github/workflows/hls-tests.yml +++ b/.github/workflows/hls-tests.yml @@ -25,8 +25,15 @@ jobs: with: concurrent_skipping: 'same_content_newer' - - name: Checkout repository + - name: Check out pull request code uses: actions/checkout@v4 + if: github.event_name == 'pull_request' + with: + repository: ${{ github.event.pull_request.head.repo.full_name }} + + - name: Check out repository code + uses: actions/checkout@v4 + if: github.event_name == 'push' - name: Get changed files id: changed-files-yaml diff --git a/.github/workflows/javascript-format-build.yml b/.github/workflows/javascript-format-build.yml index f4d223265..8a2ab2b3d 100644 --- a/.github/workflows/javascript-format-build.yml +++ b/.github/workflows/javascript-format-build.yml @@ -28,14 +28,15 @@ jobs: cancel_others: 'true' skip_after_successful_duplicate: 'true' - - name: Checkout + - name: Check out pull request code uses: actions/checkout@v4 + if: github.event_name == 'pull_request' with: - # Make sure the actual branch is checked out when running on pull requests - ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} - fetch-depth: 0 - persist-credentials: true + + - name: Check out repository code + uses: actions/checkout@v4 + if: github.event_name == 'push' - name: Get changed files id: changed-files-yaml @@ -101,13 +102,15 @@ jobs: cancel_others: 'true' skip_after_successful_duplicate: 'true' - - name: Checkout + - name: Check out pull request code uses: actions/checkout@v4 + if: github.event_name == 'pull_request' with: - # Make sure the actual branch is checked out when running on pull requests - ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} - fetch-depth: 0 + + - name: Check out repository code + uses: actions/checkout@v4 + if: github.event_name == 'push' - name: Cache node modules uses: actions/cache@v4 @@ -155,13 +158,15 @@ jobs: ${{ runner.os }}-build- ${{ runner.os }}- - - name: Checkout + - name: Check out pull request code uses: actions/checkout@v4 + if: github.event_name == 'pull_request' with: - # Make sure the actual branch is checked out when running on pull requests - ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} - fetch-depth: 0 + + - name: Check out repository code + uses: actions/checkout@v4 + if: github.event_name == 'push' - name: Bundle web app (next.js build) run: build/web/bundleWeb.sh diff --git a/.github/workflows/javascript-tests.yml b/.github/workflows/javascript-tests.yml index 8bf6b37ee..7289ccd2c 100644 --- a/.github/workflows/javascript-tests.yml +++ b/.github/workflows/javascript-tests.yml @@ -17,8 +17,15 @@ jobs: with: concurrent_skipping: 'same_content_newer' - - name: Checkout + - name: Check out pull request code uses: actions/checkout@v4 + if: github.event_name == 'pull_request' + with: + repository: ${{ github.event.pull_request.head.repo.full_name }} + + - name: Check out repository code + uses: actions/checkout@v4 + if: github.event_name == 'push' - uses: actions/setup-node@v4 with: diff --git a/.github/workflows/screenshots.yml b/.github/workflows/screenshots.yml index c4c87c174..bad1b5e1f 100644 --- a/.github/workflows/screenshots.yml +++ b/.github/workflows/screenshots.yml @@ -14,7 +14,16 @@ jobs: Screenshots: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Check out pull request code + uses: actions/checkout@v4 + if: github.event_name == 'pull_request' + with: + repository: ${{ github.event.pull_request.head.repo.full_name }} + + - name: Check out repository code + uses: actions/checkout@v4 + if: github.event_name == 'push' + - uses: actions/setup-go@v5 with: go-version: '1.22' diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 3d2989c50..bd3b03932 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -20,7 +20,15 @@ jobs: container: image: docker.io/ubuntu:24.04 steps: - - uses: actions/checkout@v4 + - name: Check out pull request code + uses: actions/checkout@v4 + if: github.event_name == 'pull_request' + with: + repository: ${{ github.event.pull_request.head.repo.full_name }} + + - name: Check out repository code + uses: actions/checkout@v4 + if: github.event_name == 'push' - name: Install shellcheck run: apt update && apt install -y shellcheck bash && shellcheck --version