diff --git a/.github/workflows/build_and_push_docker_images.yaml b/.github/workflows/build_and_push_docker_images.yaml
index dbca3fe38..ec6747c32 100644
--- a/.github/workflows/build_and_push_docker_images.yaml
+++ b/.github/workflows/build_and_push_docker_images.yaml
@@ -142,14 +142,14 @@ jobs:
 
       - name: Login to hub.docker.com
         uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
-        if: inputs.publish || github.repository_owner != 'emqx'
+        if: inputs.publish && contains(matrix.profile[1], 'docker.io')
         with:
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
 
       - name: Login to AWS ECR
         uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
-        if: inputs.publish || github.repository_owner != 'emqx'
+        if: inputs.publish && contains(matrix.profile[1], 'public.ecr.aws')
         with:
           registry: public.ecr.aws
           username: ${{ secrets.AWS_ACCESS_KEY_ID }}
diff --git a/.github/workflows/build_packages_cron.yaml b/.github/workflows/build_packages_cron.yaml
index 8573b6e11..9cec4244d 100644
--- a/.github/workflows/build_packages_cron.yaml
+++ b/.github/workflows/build_packages_cron.yaml
@@ -68,7 +68,7 @@ jobs:
       - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
         if: success()
         with:
-          name: ${{ matrix.profile[0] }}-${{ matrix.os }}
+          name: ${{ matrix.profile[0] }}-${{ matrix.os }}-${{ github.ref_name }}
           path: _packages/${{ matrix.profile[0] }}/
           retention-days: 7
       - name: Send notification to Slack
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index d0b15b119..5bb2d29f0 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -10,6 +10,7 @@ permissions:
 
 jobs:
   analyze:
+    if: github.repository == 'emqx/emqx'
     name: Analyze
     runs-on: ubuntu-22.04
     timeout-minutes: 360
diff --git a/.github/workflows/green_master.yaml b/.github/workflows/green_master.yaml
index 7053247e3..50ff087f9 100644
--- a/.github/workflows/green_master.yaml
+++ b/.github/workflows/green_master.yaml
@@ -30,9 +30,10 @@ jobs:
         shell: bash
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_REPO: ${{ github.repository }}
         run: |
-          gh api --method GET -f head_sha=$(git rev-parse HEAD) -f status=completed -f exclude_pull_requests=true /repos/emqx/emqx/actions/runs > runs.json
+          gh api --method GET -f head_sha=$(git rev-parse HEAD) -f status=completed -f exclude_pull_requests=true /repos/${GITHUB_REPO}/actions/runs > runs.json
           for id in $(jq -r '.workflow_runs[] | select((."conclusion" == "failure") and (."name" != "Keep master green") and .run_attempt < 3) | .id' runs.json); do
-            echo "rerun https://github.com/emqx/emqx/actions/runs/$id"
-            gh api --method POST /repos/emqx/emqx/actions/runs/$id/rerun-failed-jobs || true
+            echo "rerun https://github.com/${GITHUB_REPO}/actions/runs/$id"
+            gh api --method POST /repos/${GITHUB_REPO}/actions/runs/$id/rerun-failed-jobs || true
           done
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
index cc65fb76b..e82162b5a 100644
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -16,8 +16,9 @@ permissions: read-all
 
 jobs:
   analysis:
+    if: github.repository == 'emqx/emqx'
     name: Scorecard analysis
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     permissions:
       security-events: write
       id-token: write
diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
index 11afc7415..69f7eb740 100644
--- a/.github/workflows/stale.yaml
+++ b/.github/workflows/stale.yaml
@@ -13,8 +13,8 @@ permissions:
 
 jobs:
   stale:
-    if: github.repository_owner == 'emqx'
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
+    if: github.repository == 'emqx/emqx'
+    runs-on: ubuntu-22.04
     permissions:
       issues: write
       pull-requests: none
diff --git a/scripts/pkg-tests.sh b/scripts/pkg-tests.sh
index 02d55c986..a88020dd5 100755
--- a/scripts/pkg-tests.sh
+++ b/scripts/pkg-tests.sh
@@ -79,9 +79,9 @@ emqx_prepare(){
     if [ ! -d "${PAHO_MQTT_TESTING_PATH}" ]; then
         git clone -b develop-4.0 https://github.com/emqx/paho.mqtt.testing.git "${PAHO_MQTT_TESTING_PATH}"
     fi
-    # Debian 12 complains if we don't use venv
+    # Debian 12 and Ubuntu 24.04 complain if we don't use venv
     case "${SYSTEM:-}" in
-        debian12)
+        debian12|ubuntu24.04)
             apt-get update -y && apt-get install -y virtualenv
             virtualenv venv
             # https://www.shellcheck.net/wiki/SC1091