From bc70cc41248b2a536c2b008834198055dcee8b48 Mon Sep 17 00:00:00 2001
From: gimlichael <michael@geekle.io>
Date: Tue, 14 Apr 2026 17:19:21 +0200
Subject: [PATCH 1/2] =?UTF-8?q?=F0=9F=91=B7=20add=20init=20job=20for=20han?=
 =?UTF-8?q?dling=20forked=20pull=20requests=20in=20CI=20pipeline?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/ci-pipeline.yml | 51 +++++++++++++++++++++++++------
 1 file changed, 41 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/ci-pipeline.yml b/.github/workflows/ci-pipeline.yml
index 218ce24..816656d 100644
--- a/.github/workflows/ci-pipeline.yml
+++ b/.github/workflows/ci-pipeline.yml
@@ -1,4 +1,5 @@
 name: Unitify CI Pipeline
+
 on:
   pull_request:
     branches: [main]
@@ -17,8 +18,34 @@ permissions:
   contents: read
 
 jobs:
+  init:
+    name: initialize
+    runs-on: ubuntu-24.04
+    outputs:
+      is-fork-pr: ${{ steps.vars.outputs.is-fork-pr }}
+      run-privileged-jobs: ${{ steps.vars.outputs.run-privileged-jobs }}
+      strong-name-key-filename: ${{ steps.vars.outputs.strong-name-key-filename }}
+      build-switches: ${{ steps.vars.outputs.build-switches }}
+    steps:
+      - id: vars
+        name: calculate workflow variables
+        shell: bash
+        run: |
+          if [[ "${{ github.event_name }}" == "pull_request" && "${{ github.event.pull_request.head.repo.full_name }}" != "${{ github.repository }}" ]]; then
+            echo "is-fork-pr=true" >> "$GITHUB_OUTPUT"
+            echo "run-privileged-jobs=false" >> "$GITHUB_OUTPUT"
+            echo "strong-name-key-filename=" >> "$GITHUB_OUTPUT"
+            echo "build-switches=-p:SkipSignAssembly=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "is-fork-pr=false" >> "$GITHUB_OUTPUT"
+            echo "run-privileged-jobs=true" >> "$GITHUB_OUTPUT"
+            echo "strong-name-key-filename=unitify.snk" >> "$GITHUB_OUTPUT"
+            echo "build-switches=" >> "$GITHUB_OUTPUT"
+          fi
+
   build:
     name: call-build
+    needs: [init]
     strategy:
       matrix:
         arch: [X64, ARM64]
@@ -26,14 +53,15 @@ jobs:
     uses: codebeltnet/jobs-dotnet-build/.github/workflows/default.yml@v3
     with:
       configuration: ${{ matrix.configuration }}
-      strong-name-key-filename: unitify.snk
+      strong-name-key-filename: ${{ needs.init.outputs.strong-name-key-filename }}
+      build-switches: ${{ needs.init.outputs.build-switches }}
       runs-on: ${{ matrix.arch == 'ARM64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
       upload-build-artifact-name: build-${{ matrix.configuration }}-${{ matrix.arch }}
     secrets: inherit
 
   pack:
     name: call-pack
-    needs: [build]
+    needs: [init, build]
     strategy:
       matrix:
         configuration: [Debug, Release]
@@ -45,7 +73,7 @@ jobs:
 
   test_linux:
     name: call-test-linux
-    needs: [build]
+    needs: [init, build]
     strategy:
       fail-fast: false
       matrix:
@@ -56,13 +84,13 @@ jobs:
       runs-on: ${{ matrix.arch == 'ARM64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
       configuration: ${{ matrix.configuration }}
       build-switches: -p:SkipSignAssembly=true
-      build: true # we need to build due to xUnitv3
+      build: true
       restore: true
       download-pattern: build-${{ matrix.configuration }}-${{ matrix.arch }}
 
   test_windows:
     name: call-test-windows
-    needs: [build]
+    needs: [init, build]
     strategy:
       fail-fast: false
       matrix:
@@ -73,13 +101,14 @@ jobs:
       runs-on: ${{ matrix.arch == 'ARM64' && 'windows-11-arm' || 'windows-2025' }}
       configuration: ${{ matrix.configuration }}
       build-switches: -p:SkipSignAssembly=true
-      build: true # we need to build due to xUnitv3
+      build: true
       restore: true
       download-pattern: build-${{ matrix.configuration }}-${{ matrix.arch }}
 
   sonarcloud:
+    if: ${{ needs.init.outputs.run-privileged-jobs == 'true' }}
     name: call-sonarcloud
-    needs: [build,test_linux,test_windows]
+    needs: [init, build, test_linux, test_windows]
     uses: codebeltnet/jobs-sonarcloud/.github/workflows/default.yml@v3
     with:
       organization: geekle
@@ -88,16 +117,18 @@ jobs:
     secrets: inherit
 
   codecov:
+    if: ${{ needs.init.outputs.run-privileged-jobs == 'true' }}
     name: call-codecov
-    needs: [build,test_linux,test_windows]
+    needs: [init, build, test_linux, test_windows]
     uses: codebeltnet/jobs-codecov/.github/workflows/default.yml@v1
     with:
       repository: codebeltnet/unitify
     secrets: inherit
-          
+
   codeql:
+    if: ${{ needs.init.outputs.run-privileged-jobs == 'true' }}
     name: call-codeql
-    needs: [build,test_linux,test_windows]
+    needs: [init, build, test_linux, test_windows]
     uses: codebeltnet/jobs-codeql/.github/workflows/default.yml@v3
     permissions:
       security-events: write

From 52e6f4e6a671e18b0fafa22752649f4f4f6f1e94 Mon Sep 17 00:00:00 2001
From: gimlichael <michael@geekle.io>
Date: Tue, 14 Apr 2026 17:24:58 +0200
Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=94=A7=20simplify=20job=20needs?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/ci-pipeline.yml | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/ci-pipeline.yml b/.github/workflows/ci-pipeline.yml
index 816656d..e7a914d 100644
--- a/.github/workflows/ci-pipeline.yml
+++ b/.github/workflows/ci-pipeline.yml
@@ -22,7 +22,6 @@ jobs:
     name: initialize
     runs-on: ubuntu-24.04
     outputs:
-      is-fork-pr: ${{ steps.vars.outputs.is-fork-pr }}
       run-privileged-jobs: ${{ steps.vars.outputs.run-privileged-jobs }}
       strong-name-key-filename: ${{ steps.vars.outputs.strong-name-key-filename }}
       build-switches: ${{ steps.vars.outputs.build-switches }}
@@ -32,12 +31,10 @@ jobs:
         shell: bash
         run: |
           if [[ "${{ github.event_name }}" == "pull_request" && "${{ github.event.pull_request.head.repo.full_name }}" != "${{ github.repository }}" ]]; then
-            echo "is-fork-pr=true" >> "$GITHUB_OUTPUT"
             echo "run-privileged-jobs=false" >> "$GITHUB_OUTPUT"
             echo "strong-name-key-filename=" >> "$GITHUB_OUTPUT"
             echo "build-switches=-p:SkipSignAssembly=true" >> "$GITHUB_OUTPUT"
           else
-            echo "is-fork-pr=false" >> "$GITHUB_OUTPUT"
             echo "run-privileged-jobs=true" >> "$GITHUB_OUTPUT"
             echo "strong-name-key-filename=unitify.snk" >> "$GITHUB_OUTPUT"
             echo "build-switches=" >> "$GITHUB_OUTPUT"
@@ -61,7 +58,7 @@ jobs:
 
   pack:
     name: call-pack
-    needs: [init, build]
+    needs: [build]
     strategy:
       matrix:
         configuration: [Debug, Release]
@@ -73,7 +70,7 @@ jobs:
 
   test_linux:
     name: call-test-linux
-    needs: [init, build]
+    needs: [build]
     strategy:
       fail-fast: false
       matrix:
@@ -84,13 +81,13 @@ jobs:
       runs-on: ${{ matrix.arch == 'ARM64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
       configuration: ${{ matrix.configuration }}
       build-switches: -p:SkipSignAssembly=true
-      build: true
+      build: true # we need to build due to xUnitv3
       restore: true
       download-pattern: build-${{ matrix.configuration }}-${{ matrix.arch }}
 
   test_windows:
     name: call-test-windows
-    needs: [init, build]
+    needs: [build]
     strategy:
       fail-fast: false
       matrix:
@@ -101,7 +98,7 @@ jobs:
       runs-on: ${{ matrix.arch == 'ARM64' && 'windows-11-arm' || 'windows-2025' }}
       configuration: ${{ matrix.configuration }}
       build-switches: -p:SkipSignAssembly=true
-      build: true
+      build: true # we need to build due to xUnitv3
       restore: true
       download-pattern: build-${{ matrix.configuration }}-${{ matrix.arch }}