chore: add more security walls

mandarini · mandarini · commit 54f0823c64e9 · 2025-08-28T12:38:57.000+03:00
diff --git a/.github/workflows/preview-build.yml b/.github/workflows/preview-build.yml
@@ -15,10 +15,12 @@ on:
 
 jobs:
   build-preview:
-    # Only run if PR has the 'trigger: preview' label
+    # Only run if PR has the 'trigger: preview' label and is on the correct repository
     if: |
+      github.repository == 'supabase/postgrest-js' &&
       contains(github.event.pull_request.labels.*.name, 'trigger: preview')
     runs-on: ubuntu-latest
+    timeout-minutes: 15
     outputs:
       preview-url: ${{ steps.preview.outputs.url }}
       pr-number: ${{ github.event.pull_request.number }}
diff --git a/.github/workflows/preview-comment.yml b/.github/workflows/preview-comment.yml
@@ -11,7 +11,10 @@ on:
 
 jobs:
   update-comment:
+    # Only run on the correct repository
+    if: github.repository == 'supabase/postgrest-js'
     runs-on: ubuntu-latest
+    timeout-minutes: 5
     steps:
       # Get PR number from the workflow run
       - name: Get PR info
diff --git a/.github/workflows/trigger-tests.yml b/.github/workflows/trigger-tests.yml
@@ -22,9 +22,12 @@ on:
 
 jobs:
   trigger-tests:
-    # Only run if the preview build succeeded
-    if: github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success'
+    # Only run if the preview build succeeded and on the correct repository
+    if: |
+      github.repository == 'supabase/postgrest-js' &&
+      (github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success')
     runs-on: ubuntu-latest
+    timeout-minutes: 10
     steps:
       # For workflow_run trigger, download the preview info
       - name: Download preview info
