From f735c6af175772020ba5890f5986c696077fe286 Mon Sep 17 00:00:00 2001
From: Stefan Haller <stefan@haller-berlin.de>
Date: Sat, 5 Jul 2025 15:08:17 +0200
Subject: [PATCH] Make the release workflow run only from stefanhaller's fork

As far as I can tell, this is the only way to make sure that releases show up as
created by me. Also, we totally don't want it to run in other people's forks
(although it would likely just have failed there, but still).

The restriction only applies to scheduled runs; manually triggering the action
is still possible from everywhere. There needs to be a personal access token
named LAZYGIT_RELEASE_PAT configured on the repo for this to work, though.
---
 .github/workflows/release.yml | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3fd2c4e07..c9968d25c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -30,6 +30,12 @@ jobs:
   check-and-release:
     runs-on: ubuntu-latest
     steps:
+      - name: Check for correct repository
+        if: ${{ github.event_name != 'workflow_dispatch' && github.repository != 'stefanhaller/lazygit' }}
+        run: |
+          echo "Should only run in the stefanhaller/lazygit repository"
+          exit 1
+
       - name: Check for first Saturday of the month
         if: ${{ github.event_name != 'workflow_dispatch' }}
         run: |
@@ -41,6 +47,8 @@ jobs:
       - name: Checkout Code
         uses: actions/checkout@v4
         with:
+          repository: jesseduffield/lazygit
+          token: ${{ secrets.LAZYGIT_RELEASE_PAT }}
           fetch-depth: 0
 
       - name: Get Latest Tag
@@ -89,7 +97,7 @@ jobs:
             exit 1
           fi
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.LAZYGIT_RELEASE_PAT }}
 
       - name: Calculate next version
         run: |
@@ -126,7 +134,7 @@ jobs:
           git tag ${{ env.new_tag }}
           git push origin ${{ env.new_tag }}
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_API_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.LAZYGIT_RELEASE_PAT }}
 
       - name: Setup Go
         uses: actions/setup-go@v5
@@ -140,11 +148,11 @@ jobs:
           version: v2
           args: release --clean
         env:
-          GITHUB_TOKEN: ${{secrets.GITHUB_API_TOKEN}}
+          GITHUB_TOKEN: ${{secrets.LAZYGIT_RELEASE_PAT}}
 
       - name: Bump Homebrew formula
         uses: dawidd6/action-homebrew-bump-formula@v3
         with:
-          token: ${{secrets.GITHUB_API_TOKEN}}
+          token: ${{secrets.LAZYGIT_RELEASE_PAT}}
           formula: lazygit
           tag: ${{env.new_tag}}