From 6bbade9845450e8f27c6666eaebec23e971bd342 Mon Sep 17 00:00:00 2001
From: Dirk Hohndel <dirk@hohndel.org>
Date: Thu, 7 Dec 2023 10:10:23 -0800
Subject: [PATCH] only create releases on push

Pull requests can be triggered by anyone - we should not publish code
that comes in through pull requests to either GitHub releases or
Launchpad, Copr, etc.

Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
---
 .github/workflows/android.yml                | 2 ++
 .github/workflows/fedora-copr-build.yml      | 3 ---
 .github/workflows/ubuntu-launchpad-build.yml | 3 ---
 .github/workflows/windows.yml                | 2 ++
 4 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/android.yml b/.github/workflows/android.yml
index 61daa584c..7fa036b3f 100644
--- a/.github/workflows/android.yml
+++ b/.github/workflows/android.yml
@@ -52,7 +52,9 @@ jobs:
         git config --global --add safe.directory ${SUBSURFACE_REPO_PATH}/libdivecomputer
         bash -x ./subsurface/packaging/android/qmake-build.sh
 
+    # only publish a 'release' on push events (those include merging a PR)
     - name: upload binaries
+      if: github.event_name == 'push'
       uses: softprops/action-gh-release@v1
       with:
         tag_name: ${{ steps.tag.outputs.tag }}
diff --git a/.github/workflows/fedora-copr-build.yml b/.github/workflows/fedora-copr-build.yml
index 56381914d..d5f813098 100644
--- a/.github/workflows/fedora-copr-build.yml
+++ b/.github/workflows/fedora-copr-build.yml
@@ -3,9 +3,6 @@ on:
   push:
     branches:
     - master
-  pull_request:
-    branches:
-    - master
 
 jobs:
   setup-build:
diff --git a/.github/workflows/ubuntu-launchpad-build.yml b/.github/workflows/ubuntu-launchpad-build.yml
index 0b15e652d..700632288 100644
--- a/.github/workflows/ubuntu-launchpad-build.yml
+++ b/.github/workflows/ubuntu-launchpad-build.yml
@@ -3,9 +3,6 @@ on:
   push:
     branches:
     - master
-  pull_request:
-    branches:
-    - master
 
 jobs:
   push-to-ppa:
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index 9e46147f3..8439f0da1 100644
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -59,7 +59,9 @@ jobs:
         bash -x subsurface/.github/workflows/scripts/windows-in-container-build.sh 2>&1 | tee build.log
         grep "Built target installer" build.log
 
+    # only publish a 'release' on push events (those include merging a PR)
     - name: upload binaries
+      if: github.event_name == 'push'
       uses: softprops/action-gh-release@v1
       with:
         tag_name: ${{ steps.tag.outputs.tag }}