CI: Change CI run condition

Change CI run condition to allow autorun when merge while avoid any security issue
ruyisdk · Dec 20, 2024 · 208582b · 208582b
1 parent 9c5ce12
commit 208582b
Showing 1 changed file with 11 additions and 4 deletions.
diff --git a/.github/workflows/package-index-sync.yaml b/.github/workflows/package-index-sync.yaml
@@ -7,8 +7,14 @@ name: Sync Package Index
 # - PACKAGE_INDEX_OWNER: decide where the pr goes: blank defaults to `ruyisdk`
 # - SSH_PRIVATE: A private SSH key of the bot account
 
+#! NOTICE NOTICE NOTICE NOTICE
+#! DO NOT MODIFY THIS FILE UNLESS YOU KNOW WHAT YOU ARE DOING
+#! OR A POTENTIAL PWN ATTACK MAY OCCUR
+#! Double check the commit before pushing to avoid any potential security issues
+#! NOTICE NOTICE NOTICE NOTICE
+
 on:
-  pull_request:
+  push:
   workflow_dispatch:
     inputs:
       makepr:
@@ -25,6 +31,7 @@ jobs:
   build:
     name: Generate and Upload
     runs-on: ubuntu-latest
+    if: ${{ ( github.event_name == 'push' && github.ref == github.ref == 'refs/heads/main' && github.repository_owner == 'ruyisdk' ) ||  ( github.event_name == 'workflow_dispatch' ) }}
     environment: ruyi-sync
     env:
       GITHUB_TOKEN: ${{ secrets.GHO_TOKEN }}
@@ -51,14 +58,14 @@ jobs:
           sudo apt-get update
           pip install -r assets/requirements_ruyinv.txt
       - name: Run tool to generate and upload
-        if: ${{ ( github.event_name == 'workflow_dispatch' && inputs.makepr == false ) || github.event_name != 'pull_request' || ( github.event_name == 'pull_request' && github.event.pull_request.merged == false ) }}
+        if: ${{ ( github.event_name == 'workflow_dispatch' && inputs.makepr == 'false' ) }}
         run: |
           echo "Generate Only" > $RUNNER_TEMP/type.txt
           export CI_RUN_ID=${{ github.run_id }}
           export CI_RUN_URL=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
           python assets/renew_ruyi_index.py -c assets/config.toml -p . -i $RUNNER_TEMP/cache --log $RUNNER_TEMP/log.txt --warn $RUNNER_TEMP/warn.txt
       - name: Run tool to generate and upload and PR
-        if: ${{ ( github.event_name == 'workflow_dispatch' && inputs.makepr == true ) || ( github.event_name == 'pull_request' && github.event.pull_request.merged == true ) }}
+        if: ${{ ( github.event_name == 'workflow_dispatch' && inputs.makepr == 'true' ) || ( github.event_name == 'push' ) }}
         run: |
           echo "Generate and PR" > $RUNNER_TEMP/type.txt
           export CI_RUN_ID=${{ github.run_id }}
@@ -96,7 +103,7 @@ jobs:
           echo "" >> $GITHUB_STEP_SUMMARY
 
       - name: Output Debug Info
-        if: ${{ github.event_name == 'workflow_dispatch' && inputs.debuginfo }}
+        if: ${{ github.event_name == 'workflow_dispatch' && inputs.debuginfo == 'true' }}
         run: |
           echo "## Debug Info" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY