Correctly restrict push actions to ownership repos (#16398)

* Correctly restrict push actions to ownership repos * Use standard action to see if push actions should run * Run spec job for 2.6 and higher * Be even more restrictve, do not push if on a fork
2026-04-24 03:05:23 -02:30 · 2026-04-21 11:26:04 -04:00
parent 1636abd669
commit 3fd3b741b6
4 changed files with 72 additions and 6 deletions
--- a/.github/workflows/spec-sync-on-merge.yml
+++ b/.github/workflows/spec-sync-on-merge.yml
@@ -16,9 +16,16 @@ on:
  push:
    branches:
      - devel
+      - 'stable-2.[6-9]'
+      - 'stable-2.[1-9][0-9]'
  workflow_dispatch: # Allow manual triggering for testing
 jobs:
+  check-ownership:
+    uses: ./.github/workflows/_repo-owns-branch.yml
+
  sync-openapi-spec:
+    needs: check-ownership
+    if: needs.check-ownership.outputs.should_run == 'true'
    name: Sync OpenAPI spec to central repo
    runs-on: ubuntu-latest
    permissions: