chore: add more security walls

mandarini · mandarini · commit 3e6fff9b4154 · 2025-08-28T12:44:18.000+03:00
diff --git a/.github/workflows/preview-build.yml b/.github/workflows/preview-build.yml
@@ -15,10 +15,12 @@ on:
 
 jobs:
   build-preview:
-    # Only run if PR has the 'trigger: preview' label
+    # Only run if PR has the 'trigger: preview' label and is on the correct repository
     if: |
+      github.repository == 'supabase/functions-js' &&
       contains(github.event.pull_request.labels.*.name, 'trigger: preview')
     runs-on: ubuntu-latest
+    timeout-minutes: 15
     outputs:
       preview-url: ${{ steps.preview.outputs.url }}
       pr-number: ${{ github.event.pull_request.number }}
@@ -76,7 +78,7 @@ jobs:
           echo "${{ steps.preview.outputs.url }}" > preview-info/preview-url.txt
           echo "${{ github.event.pull_request.number }}" > preview-info/pr-number.txt
           echo "${{ github.event.pull_request.head.sha }}" > preview-info/commit-sha.txt
-          echo "realtime-js" > preview-info/package-name.txt
+          echo "functions-js" > preview-info/package-name.txt
           
       - name: Upload preview info
         uses: actions/upload-artifact@v4
diff --git a/.github/workflows/preview-comment.yml b/.github/workflows/preview-comment.yml
@@ -11,7 +11,10 @@ on:
 
 jobs:
   update-comment:
+    # Only run on the correct repository
+    if: github.repository == 'supabase/functions-js'
     runs-on: ubuntu-latest
+    timeout-minutes: 5
     steps:
       # Get PR number from the workflow run
       - name: Get PR info
@@ -101,7 +104,7 @@ jobs:
             
             ${{ github.event.workflow_run.name == 'Trigger Supabase JS Tests' && github.event.workflow_run.conclusion == 'success' && '✅ **Supabase-js tests triggered successfully!**
             
-            The integration tests are now running. Results will be posted in the supabase-js repository when complete.' || '' }}
+            The integration tests are now running. Results will be posted here when complete.' || '' }}
             
             ${{ github.event.workflow_run.name == 'Trigger Supabase JS Tests' && github.event.workflow_run.conclusion == 'failure' && '⚠️ **Failed to trigger supabase-js tests**
             
diff --git a/.github/workflows/trigger-tests.yml b/.github/workflows/trigger-tests.yml
@@ -22,9 +22,12 @@ on:
 
 jobs:
   trigger-tests:
-    # Only run if the preview build succeeded
-    if: github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success'
+    # Only run if the preview build succeeded and on the correct repository
+    if: |
+      github.repository == 'supabase/functions-js' &&
+      (github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success')
     runs-on: ubuntu-latest
+    timeout-minutes: 10
     steps:
       # For workflow_run trigger, download the preview info
       - name: Download preview info
