diff --git a/.github/workflows/package-build.yml b/.github/workflows/package-build.yml
index 32a95db0..c7c113f1 100644
--- a/.github/workflows/package-build.yml
+++ b/.github/workflows/package-build.yml
@@ -30,7 +30,7 @@ jobs:
 - uses: hynek/build-and-inspect-python-package@v2.5.0
 id: build-pkg
 with:
- attest-build-provenance-github: ${{ github.event.pull_request.head.repo.fork != 'true' && github.event.workflow_call.pull_request.head.repo.fork != 'true' }}
+ attest-build-provenance-github: ${{ github.event.pull_request.head.repo.full_name != github.repository && github.event.workflow_call.pull_request.head.repo.full_name != github.repository && github.actor != 'dependabot[bot]' }}
 - name: Set up Python
 uses: actions/setup-python@v5
 with:
diff --git a/.github/workflows/sbom-scan.yml b/.github/workflows/sbom-scan.yml
index 39e5601c..36f2d95a 100644
--- a/.github/workflows/sbom-scan.yml
+++ b/.github/workflows/sbom-scan.yml
@@ -31,7 +31,7 @@ jobs:
 format: spdx-json
 output-file: ${{ github.event.repository.name }}-sbom.spdx.json
 - uses: actions/attest-build-provenance@v1
- if: ${{ github.event.pull_request.head.repo.fork != 'true' && github.event.workflow_call.pull_request.head.repo.fork != 'true' }}
+ if: ${{ github.event.pull_request.head.repo.full_name != github.repository && github.event.workflow_call.pull_request.head.repo.full_name != github.repository && github.actor != 'dependabot[bot]' }}
 with:
 subject-path: ${{ github.event.repository.name }}-sbom.spdx.json
 - name: Scan SBOM
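Review bot: The new comparison in `attest-build-provenance-github` looks inverted. `github.event.pull_request.head.repo.full_name != github.repository` is true for a pull request opened from a fork and false for one opened from a branch of this repository, so provenance attestation is requested for the fork runs the replaced `fork != 'true'` check was evidently meant to exclude, and skipped for same-repository PRs. Fork-triggered runs normally receive a read-only token, so the attestation step would be expected to fail there, while trusted PR builds go unattested. The identical expression is used in the `if:` of the sbom-scan.yml hunk. Something like `${{ (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]' }}` would express "attest unless the PR comes from a fork or Dependabot".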
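Review bot: The `github.event.workflow_call.pull_request.head.repo.full_name` clause in this `if:` probably never changes the result. As far as I know a called workflow sees the caller's event payload directly under `github.event`, which has no `workflow_call` key, so the property is null and the `!=` is always true; dropping the clause would make the gate easier to audit. Separately, `github.actor` is whoever triggered the run, so a maintainer re-running a job on a Dependabot PR bypasses the check; `github.event.pull_request.user.login != 'dependabot[bot]'` ties it to the PR author instead. A one-line comment above the `if:` saying why these runs are excluded (presumably `# forks and Dependabot get a token that cannot write attestations`) would help the next reader, and both points apply equally to the package-build.yml hunk.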