From 869125b07b6633b86a0fa4695157e2473322cd3d Mon Sep 17 00:00:00 2001 From: Jeff Handley Date: Thu, 19 Mar 2026 20:46:50 -0700 Subject: [PATCH] Block Release Publishing workflow from running on forks Add an if condition to the build-all-configs job to prevent the Release Publishing workflow from running on forks via schedule or release triggers. The workflow_dispatch trigger is exempted so fork owners can still manually test the workflow. Since all downstream jobs (build-package, publish-github, publish-release, publish-nuget) depend on build-all-configs via the needs chain, they are automatically skipped when build-all-configs is skipped. This is consistent with the existing repository check in the publish-nuget job and docs.yml workflow. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/workflows/release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 761bfb52c..67868c5d7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,6 +32,8 @@ on: jobs: build-all-configs: + # Don't run scheduled/release triggers on forks; allow manual workflow_dispatch + if: ${{ github.repository == 'modelcontextprotocol/csharp-sdk' || github.event_name == 'workflow_dispatch' }} strategy: matrix: os: [ubuntu-latest, windows-latest, macos-latest]