From 43081c51798ddd9d1e9eaef67e8e0e82c34c38df Mon Sep 17 00:00:00 2001
From: C4illin <hi@emrik.org>
Date: Fri, 8 Aug 2025 00:14:08 +0200
Subject: [PATCH] chore: attempt to restrict push when allowed

---
 .github/workflows/docker-publish.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index c7e392c..1eeb66d 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -84,8 +84,8 @@ jobs:
           platforms: ${{ matrix.platform }}
           labels: ${{ steps.meta.outputs.labels }}
           annotations: ${{ steps.meta.outputs.annotations }}
-          outputs: type=image,name=ghcr.io/${{ env.REPO }},push-by-digest=true,name-canonical=true,push=false,oci-mediatypes=true
-          push: false
+          outputs: type=image,name=ghcr.io/${{ env.REPO }},push-by-digest=true,name-canonical=true,oci-mediatypes=true
+          push: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
           cache-from: type=gha,scope=${{ matrix.platform }}
           cache-to: type=gha,mode=max,scope=${{ matrix.platform }}
 
@@ -104,6 +104,7 @@ jobs:
           retention-days: 1
 
   merge:
+    if: github.event.pull_request.head.repo.full_name == github.repository
     name: Merge Docker manifests
     runs-on: ubuntu-latest