From 214cd349c2ed0bd9f8344f5843c91bbf364a7d6c Mon Sep 17 00:00:00 2001 From: "alex.stanfield" <13949480+chaptersix@users.noreply.github.com> Date: Fri, 21 Nov 2025 18:53:49 -0600 Subject: [PATCH 1/2] Restrict trigger-docs workflow to temporalio/cli repository only Prevent the workflow from running in forks by adding a repository check. This ensures documentation updates only trigger from the official repo. --- .github/workflows/trigger-docs.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/trigger-docs.yml b/.github/workflows/trigger-docs.yml index 645d976b5..b39848cb3 100644 --- a/.github/workflows/trigger-docs.yml +++ b/.github/workflows/trigger-docs.yml @@ -5,6 +5,7 @@ on: types: [published] jobs: update: + if: github.repository == 'temporalio/cli' runs-on: ubuntu-latest defaults: run: From de4a3ec80d741adf4956e9ddd6575fd79fc911d3 Mon Sep 17 00:00:00 2001 From: "alex.stanfield" <13949480+chaptersix@users.noreply.github.com> Date: Fri, 21 Nov 2025 18:57:05 -0600 Subject: [PATCH 2/2] Use version tag instead of commit SHA for goreleaser action --- .github/workflows/build-and-publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index d8bde874c..bf0eea9e8 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -90,7 +90,7 @@ jobs: - name: Run GoReleaser (release) if: inputs.publish - uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 + uses: goreleaser/goreleaser-action@v6.4.0 with: version: v2.12.7 args: release @@ -104,7 +104,7 @@ jobs: - name: Run GoReleaser (snapshot) if: ${{ !inputs.publish }} - uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 + uses: goreleaser/goreleaser-action@v6.4.0 with: version: v2.12.7 args: release --snapshot --clean