From a29fc530ac054988f43a811cc9f5fb88fbbc8fd9 Mon Sep 17 00:00:00 2001
From: Weston Steimel <author@code.w.steimel.me.uk>
Date: Mon, 16 Mar 2026 10:29:41 +0000
Subject: [PATCH] ci: ensure allocation and publish workflows only run from
 main on a specific repo

Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>
---
 .github/workflows/allocate.yaml | 3 +++
 .github/workflows/publish.yaml  | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/allocate.yaml b/.github/workflows/allocate.yaml
index 6d0783cd2519..8d5f88a688b5 100644
--- a/.github/workflows/allocate.yaml
+++ b/.github/workflows/allocate.yaml
@@ -1,6 +1,8 @@
 name: "Allocate Security Identifiers"
 on: 
   workflow_dispatch:
+    branches:
+      - main
   schedule:
     - cron: '27 5 * * MON-FRI'
 
@@ -19,6 +21,7 @@ jobs:
       image: python:3.13-alpine
     permissions:
       contents: write
+    if: github.repository == 'anchore/security-identifiers' # only run for main repo
     steps:
       - name: Install OS dependencies
         run: apk add --no-cache git openssh taplo sqlite tar zstd curl oras-cli bash date grype
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index f555b17daba4..aac617e0eba0 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -1,6 +1,8 @@
 name: "Publish Security Identifiers Index (development)"
 on: 
   workflow_dispatch:
+    branches:
+      - main
   push:
     branches:
       - main
@@ -21,6 +23,7 @@ jobs:
     permissions:
       contents: write
       packages: write
+    if: github.repository == 'anchore/security-identifiers' # only run for main repo
     steps:
       - name: Install OS dependencies
         run: apk add --no-cache git taplo sqlite tar zstd curl oras-cli bash