diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 3e3174a..8b9a278 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -30,12 +30,14 @@ jobs:
 # Upload to Test PyPI on every commit on main.
 release-test-pypi:
 name: Publish in-dev package to test.pypi.org
- if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+ if: |
+ github.repository_owner == 'pylast'
+ && github.event_name == 'push'
+ && github.ref == 'refs/heads/main'
 runs-on: ubuntu-latest
 needs: build-package
 permissions:
- # IMPORTANT: this permission is mandatory for trusted publishing
 id-token: write
 steps:
@@ -53,12 +55,13 @@ jobs:
 # Upload to real PyPI on GitHub Releases.
 release-pypi:
 name: Publish released package to pypi.org
- if: github.event.action == 'published'
+ if: |
+ github.repository_owner == 'pylast'
+ && github.event.action == 'published'
 runs-on: ubuntu-latest
 needs: build-package
 permissions:
- # IMPORTANT: this permission is mandatory for trusted publishing
 id-token: write
 steps:
diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml
index 9ca7454..859c948 100644
--- a/.github/workflows/labels.yml
+++ b/.github/workflows/labels.yml
@@ -1,5 +1,8 @@
 name: Sync labels
+permissions:
+ pull-requests: write
+
 on:
 push:
 branches:
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index f8f9a2b..dae63b0 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -2,6 +2,9 @@ name: Lint
 on: [push, pull_request, workflow_dispatch]
+env:
+ FORCE_COLOR: 1
+
 permissions:
 contents: read
diff --git a/.github/workflows/require-pr-label.yml b/.github/workflows/require-pr-label.yml
index 85c3e3e..0d910db 100644
--- a/.github/workflows/require-pr-label.yml
+++ b/.github/workflows/require-pr-label.yml
@@ -10,6 +10,7 @@ jobs:
 permissions:
 issues: write
+ pull-requests: write
 steps:
 - uses: mheap/github-action-required-labels@v5
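Review bot: Both deploy.yml hunks drop the comment above `id-token: write` in the job `permissions:` blocks (release-test-pypi in the first hunk, release-pypi in the second), so nothing on the new side says why a publishing job may mint an OIDC token. I would keep a one-line rationale, e.g. `# Needed for PyPI trusted publishing (OIDC); this job gets no other scopes`, so a later edit does not widen or remove it by accident. The added `github.repository_owner == 'pylast'` guard keeps forks from running the job, but it compares only the owner; `github.repository == '<owner>/<repo>'` would also exclude other repositories under the same owner, if that matters here. The `steps:` of both jobs lie outside the hunks, so whether the publish step is also gated by a protected environment cannot be seen from this diff.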
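Review bot: In labels.yml `pull-requests: write` is granted at workflow level, so every job in that workflow receives a write-capable token; deploy.yml and require-pr-label.yml in this same diff scope their permissions per job, and doing the same here keeps the grant next to the step that uses it. Declaring any scope also sets every unlisted scope to `none`, so if the sync job reads a labels file from a checkout it may additionally need `contents: read`. The jobs are outside this hunk, so that is something to confirm rather than a known break. A short comment on the new key saying what the write access is used for, e.g. `# write access lets the sync step create and update labels` if that is the reason, would record the intent.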
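Review bot: With `pull-requests: write` added next to `issues: write` in require-pr-label.yml, the job token handed to `mheap/github-action-required-labels@v5` now carries two write scopes while the action is referenced by a movable tag. Pinning it to a full commit SHA, `- uses: mheap/github-action-required-labels@<full-commit-sha>  # v5`, keeps a retagged release from running with that token. The workflow's `on:` trigger and the step's `with:` inputs are outside the hunk; if the step only reads labels and writes nothing back, read access may be enough. A one-line comment on the new scope saying what it is used for would help the next reviewer.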