From 92473a5632ed53f914b7f8a6db302ee664135955 Mon Sep 17 00:00:00 2001
From: Chris Yeninas <844685+PhantomGamers@users.noreply.github.com>
Date: Sat, 27 Nov 2021 06:02:53 -0500
Subject: [PATCH] build.yaml: don't run untrusted submissions

---
 .github/workflows/build.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index d290c778..b05f8a11 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -8,6 +8,9 @@ on:
 
 jobs:
   build:
+    # only runs if:
+    # not a PR, PR is approved, or PR is pushed by the repo owner or a collaborator
+    if: not github.base_ref || github.event.review.state == 'approved' || github.event.review.author_association == 'COLLABORATOR' || github.event.review.author_association == 'OWNER'
     runs-on: windows-latest
     steps: