From 798457d9aa76eb3ae6ab3a0767a5f291533ccd41 Mon Sep 17 00:00:00 2001
From: Luke Heath <luke@fleetdm.com>
Date: Wed, 13 Sep 2023 16:34:39 -0500
Subject: [PATCH] Do not run docker publish workflow on fork PRs (#13918)

---
 .github/workflows/goreleaser-snapshot-fleet.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/goreleaser-snapshot-fleet.yaml b/.github/workflows/goreleaser-snapshot-fleet.yaml
index 77c7b307ef..c4e7355139 100644
--- a/.github/workflows/goreleaser-snapshot-fleet.yaml
+++ b/.github/workflows/goreleaser-snapshot-fleet.yaml
@@ -30,8 +30,8 @@ jobs:
     # Only run it when the push is to the fleetdm/fleet repo. Otherwise the secrets for pushing to
     # Docker will not be available.
     #
-    # Also not run if author is dependabot (it doesn't have access to Github secrets).
-    if: ${{ (github.repository == 'fleetdm/fleet') && (github.actor != 'dependabot[bot]') }}
+    # Also do not run if author is dependabot or is on a fork (it doesn't have access to Github secrets).
+    if: ${{ (github.repository == 'fleetdm/fleet') && (github.actor != 'dependabot[bot]') && (github.event.pull_request.head.repo.full_name == github.repository)}}
     runs-on: ubuntu-20.04
     environment: Docker Hub
     steps: