From 105dc753d219e4391b548b63718ecb6d6abae45c Mon Sep 17 00:00:00 2001 From: Ben Mares Date: Thu, 23 Jan 2025 09:19:54 -0800 Subject: [PATCH] Don't attest from forks --- .github/workflows/pypi.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml index ee60b6130f..7f80519b19 100644 --- a/.github/workflows/pypi.yml +++ b/.github/workflows/pypi.yml @@ -37,6 +37,8 @@ jobs: - name: Attest GitHub build provenance uses: actions/attest-build-provenance@v2 + # Don't attest from forks + if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository with: subject-path: dist/*.tar.gz @@ -82,6 +84,8 @@ jobs: - name: Attest GitHub build provenance uses: actions/attest-build-provenance@v2 + # Don't attest from forks + if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository with: subject-path: ./wheelhouse/*.whl @@ -117,6 +121,8 @@ jobs: - name: Attest GitHub build provenance uses: actions/attest-build-provenance@v2 + # Don't attest from forks + if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository with: subject-path: dist/*.whl