Merge pull request #6342 from libgit2/ethomson/actions_limits

CI: limits actions scheduled workflows to the main repo

3 files changed, 41 insertions, 36 deletions

diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml
index 7ae14ca7e..285c273b1 100644
--- a/.github/workflows/benchmark.yml
+++ b/.github/workflows/benchmark.yml
@@ -11,6 +11,10 @@ jobs:
   # targets and their details.  Then we build either in a docker container
   # (Linux) or on the actual hosts (macOS, Windows).
   build:
+    # Only run scheduled workflows on the main repository; prevents people
+    # from using build minutes on their forks.
+    if: github.repository == 'libgit2/libgit2'
+
     strategy:
       matrix:
         platform:
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
deleted file mode 100644
index de1ec5e33..000000000
--- a/.github/workflows/codeql.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-name: "CodeQL"
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: '21 3 * * 1'
-
-env:
-  docker-registry: ghcr.io
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Check out repository
-      uses: actions/checkout@v2
-      with:
-        fetch-depth: 0
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: 'cpp'
-
-    - name: Build
-      run: |
-        mkdir build
-        cd build
-        cmake .. -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON
-        cmake --build .        
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 5f80ed010..856da28a3 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -15,6 +15,10 @@ jobs:
   # targets and their details.  Then we build either in a docker container
   # (Linux) or on the actual hosts (macOS, Windows).
   build:
+    # Only run scheduled workflows on the main repository; prevents people
+    # from using build minutes on their forks.
+    if: github.repository == 'libgit2/libgit2'
+
     strategy:
       matrix:
         platform:
@@ -321,6 +325,10 @@ jobs:
       shell: bash
 
   coverity:
+    # Only run scheduled workflows on the main repository; prevents people
+    # from using build minutes on their forks.
+    if: github.repository == 'libgit2/libgit2'
+
     name: Coverity
     runs-on: ubuntu-latest
     steps:
@@ -340,3 +348,32 @@ jobs:
       run: source/ci/coverity.sh
       env:
         COVERITY_TOKEN: ${{ secrets.coverity_token }}
+
+  codeql:
+    # Only run scheduled workflows on the main repository; prevents people
+    # from using build minutes on their forks.
+    if: github.repository == 'libgit2/libgit2'
+
+    name: CodeQL
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: 'cpp'
+
+    - name: Build
+      run: |
+        mkdir build
+        cd build
+        cmake .. -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON
+        cmake --build .
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1