diff --git a/.github/actions/pushdiff/action.yml b/.github/actions/pushdiff/action.yml index 56ab93e34..f323dfdc7 100644 --- a/.github/actions/pushdiff/action.yml +++ b/.github/actions/pushdiff/action.yml @@ -42,6 +42,10 @@ runs: (!github.event.pull_request.head.repo.fork) shell: bash run: | + if ! git status | grep -q "On branch"; then + echo "::error::pushdiff must run on a branch. Pass 'github.head_ref' as 'ref' to the checkout action." + exit 1 + fi git config --global user.name "edgelessci" git config --global user.email "edgelessci@users.noreply.github.com" git commit -am "${{ inputs.renovate-commit-msg }}" diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml index 5ffc5f8ed..e4367968f 100644 --- a/.github/workflows/static.yml +++ b/.github/workflows/static.yml @@ -25,6 +25,9 @@ jobs: steps: - name: Checkout uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + with: + ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} + token: ${{ !github.event.pull_request.head.repo.fork && secrets.NUNKI_CI_COMMIT_PUSH_PR || '' }} - name: Install Nix uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24 with: