
Disable secret-depending CI jobs when run from forks#15798

Merged
paulb777 merged 3 commits into main from pb-action-secrets-disable-fork
Feb 10, 2026

Conversation

@paulb777
Member

@paulb777 paulb777 commented Feb 9, 2026

Gemini's summary:

High-Level Goal:
The goal was to update the GitHub Actions workflows to prevent jobs that require secrets from running on pull requests from forked repositories. This is a crucial security measure for open-source projects.

Summary of Changes:
For each workflow file in .github/workflows/, I performed the following:

  1. Identified jobs that use secrets, either through a secrets: block or by passing secrets to other workflows or scripts.
  2. For each identified job, I added an if condition to prevent it from running on forked repositories. The standard condition used was if: github.event.pull_request.head.repo.fork == false.
  3. In cases where a job's existing if condition already included a check for the event type (e.g., github.event_name == 'pull_request'), the condition was carefully updated to (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false).
  4. Initially, I added this check to all jobs using secrets, but based on your feedback, I correctly removed the redundant checks from jobs calling reusable workflows (like _quickstart.yml) that already have the necessary fork protection built-in.

Logic and Correctness:

  • The approach of adding an if condition based on github.event.pull_request.head.repo.fork is the standard and correct way to achieve the desired outcome in GitHub Actions.
  • The logic correctly distinguishes between pull requests from the base repository and those from forks, ensuring that secrets are not exposed to untrusted code.
  • The changes were applied consistently across all relevant workflow files, providing a uniform security posture.

#no-changelog
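As an added example that is not part of this PR (the workflow, job, script and secret names are hypothetical), a workflow file showing an unguarded secret-using job beside the two guard forms described in steps 2 and 3 above:

```yaml
# Added example, not code from the PR: workflow, job, script and secret names are hypothetical.
name: integration

on:
  pull_request:
  push:
    branches: [main]

jobs:
  # BEFORE: needs a repository secret but has no fork guard. For a pull
  # request from a fork the secret is unavailable, so the step runs without
  # a usable key and fails; and if this workflow were ever switched to
  # pull_request_target, PR code would run with the secret in scope.
  integration-unguarded:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/run_integration.sh
        env:
          INTEGRATION_API_KEY: ${{ secrets.INTEGRATION_API_KEY }}

  # AFTER (step 2): the plain guard. The job is skipped whenever the PR
  # head repository is a fork.
  integration:
    if: github.event.pull_request.head.repo.fork == false
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/run_integration.sh
        env:
          INTEGRATION_API_KEY: ${{ secrets.INTEGRATION_API_KEY }}

  # AFTER (step 3): a job that should run only on pull_request events.
  # On push events github.event.pull_request is absent, so the fork check
  # is combined with an event-name test rather than used alone.
  pr-only-integration:
    if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/run_integration.sh
        env:
          INTEGRATION_API_KEY: ${{ secrets.INTEGRATION_API_KEY }}
```

Jobs that only call a reusable workflow which already carries this guard do not need it repeated, as step 4 notes.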


@paulb777
Member Author

paulb777 commented Feb 9, 2026

/gemini review

@gemini-code-assist
Contributor

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

@paulb777 paulb777 marked this pull request as ready for review February 10, 2026 01:29
@paulb777 paulb777 requested a review from a team as a code owner February 10, 2026 01:29
@paulb777 paulb777 requested a review from ncooke3 February 10, 2026 01:29
@paulb777 paulb777 enabled auto-merge (squash) February 10, 2026 01:29
@paulb777 paulb777 merged commit 91fefff into main Feb 10, 2026
409 of 410 checks passed
@paulb777 paulb777 deleted the pb-action-secrets-disable-fork branch February 10, 2026 20:08