From 7ab06bcdc998daedf59c444b506b4e9018ff46b9 Mon Sep 17 00:00:00 2001
From: Ivan Dyachkov <dev@dyachkov.org>
Date: Fri, 10 May 2024 16:24:21 +0200
Subject: [PATCH] ci: some scheduled workflows should only run on emqx/emqx

---
 .github/workflows/codeql.yaml       | 1 +
 .github/workflows/green_master.yaml | 7 ++++---
 .github/workflows/scorecard.yaml    | 3 ++-
 .github/workflows/stale.yaml        | 4 ++--
 4 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index d0b15b119..5bb2d29f0 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -10,6 +10,7 @@ permissions:
 
 jobs:
   analyze:
+    if: github.repository == 'emqx/emqx'
     name: Analyze
     runs-on: ubuntu-22.04
     timeout-minutes: 360
diff --git a/.github/workflows/green_master.yaml b/.github/workflows/green_master.yaml
index 7053247e3..50ff087f9 100644
--- a/.github/workflows/green_master.yaml
+++ b/.github/workflows/green_master.yaml
@@ -30,9 +30,10 @@ jobs:
         shell: bash
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_REPO: ${{ github.repository }}
         run: |
-          gh api --method GET -f head_sha=$(git rev-parse HEAD) -f status=completed -f exclude_pull_requests=true /repos/emqx/emqx/actions/runs > runs.json
+          gh api --method GET -f head_sha=$(git rev-parse HEAD) -f status=completed -f exclude_pull_requests=true /repos/${GITHUB_REPO}/actions/runs > runs.json
           for id in $(jq -r '.workflow_runs[] | select((."conclusion" == "failure") and (."name" != "Keep master green") and .run_attempt < 3) | .id' runs.json); do
-            echo "rerun https://github.com/emqx/emqx/actions/runs/$id"
-            gh api --method POST /repos/emqx/emqx/actions/runs/$id/rerun-failed-jobs || true
+            echo "rerun https://github.com/${GITHUB_REPO}/actions/runs/$id"
+            gh api --method POST /repos/${GITHUB_REPO}/actions/runs/$id/rerun-failed-jobs || true
           done
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
index cc65fb76b..e82162b5a 100644
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -16,8 +16,9 @@ permissions: read-all
 
 jobs:
   analysis:
+    if: github.repository == 'emqx/emqx'
     name: Scorecard analysis
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     permissions:
       security-events: write
       id-token: write
diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
index 11afc7415..69f7eb740 100644
--- a/.github/workflows/stale.yaml
+++ b/.github/workflows/stale.yaml
@@ -13,8 +13,8 @@ permissions:
 
 jobs:
   stale:
-    if: github.repository_owner == 'emqx'
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
+    if: github.repository == 'emqx/emqx'
+    runs-on: ubuntu-22.04
     permissions:
       issues: write
       pull-requests: none