fix(ci): disable docs-deploy job for fork PRs

[hanabi1224]

Summary of changes

Disable docs-deploy CI job for fork PRs as cloudflare secrect is inaccessible, to address failure https://github.com/ChainSafe/forest/actions/runs/21317189360/job/61376868088?pr=6455#step:7:7 in #6455

Changes introduced in this pull request:

Reference issue to close (if applicable)

Closes

Other information and links

Change checklist

• I have performed a self-review of my own code,
• I have made corresponding changes to the documentation. All new code adheres to the team's documentation standards,
• I have added tests that prove my fix is effective or that my feature works (if possible),
• I have made sure the CHANGELOG is up-to-date. All user-facing changes should be reflected in this document.

Summary by CodeRabbit

• Chores
  • Deployment workflow updated to run for non-PR builds and to skip forked PRs unless a secure repository token is available, improving consistency and safety of documentation deployments.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Adds an if condition to the docs-deploy GitHub Actions job to run for non-PR events and to guard against fork PRs by requiring a non-null github.token, matching the workflow's inline comment.

Changes

Cohort / File(s)	Summary
GitHub Actions workflow /.github/workflows/docs-deploy.yml	Adds an if condition on the docs-deploy job that enables execution for non-PR events and prevents running for fork PRs by requiring a non-null github.token (aligns with inline comment)

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested reviewers

• akaladarshi
• sudo-shashank

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding a condition to disable the docs-deploy job for fork PRs by requiring a non-null github.token.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/docs-deploy.yml:
- Around line 27-28: The condition `if:
github.event.pull_request.head.repo.full_name == github.repository` fails for
non-pull_request events (push, merge_group) because github.event.pull_request is
null; change the conditional to only perform the fork check for pull_request
events, e.g. replace it with `if: github.event_name != 'pull_request' ||
github.event.pull_request.head.repo.full_name == github.repository` so
push/merge_group always pass and PRs are gated by the fork check, and also fix
the comment typo "secrect" → "secret".

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Condition blocks push and merge_group events, breaking main deployment.

The github.event.pull_request context is null for push and merge_group events, so this condition evaluates to false for those triggers. This will prevent docs from being deployed when changes are pushed to main.

Also, minor typo: "secrect" → "secret".

🔧 Proposed fix

-    # Cloudflare secrect does not work for fork PRs
-    if: github.event.pull_request.head.repo.full_name == github.repository
+    # Cloudflare secret does not work for fork PRs
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Cloudflare secrect does not work for fork PRs
	if: github.event.pull_request.head.repo.full_name == github.repository
	# Cloudflare secret does not work for fork PRs
	if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository

🤖 Prompt for AI Agents

In @.github/workflows/docs-deploy.yml around lines 27 - 28, The condition `if:
github.event.pull_request.head.repo.full_name == github.repository` fails for
non-pull_request events (push, merge_group) because github.event.pull_request is
null; change the conditional to only perform the fork check for pull_request
events, e.g. replace it with `if: github.event_name != 'pull_request' ||
github.event.pull_request.head.repo.full_name == github.repository` so
push/merge_group always pass and PRs are gated by the fork check, and also fix
the comment typo "secrect" → "secret".

✅ Confirmed as addressed by @hanabi1224

[hanabi1224]

Fixed.

[coderabbitai]

@hanabi1224, thank you for fixing the condition and the typo! 🎉

---

🧠 Learnings used

Learnt from: hanabi1224
Repo: ChainSafe/forest PR: 5930
File: build.rs:64-77
Timestamp: 2025-08-13T09:43:20.301Z
Learning: hanabi1224 prefers hard compile-time errors in build scripts rather than runtime safeguards or collision detection, believing it's better to fail fast and fix root causes of issues like malformed snapshot names.

---

Learnt from: hanabi1224
Repo: ChainSafe/forest PR: 6057
File: src/cli/subcommands/f3_cmd.rs:0-0
Timestamp: 2025-09-09T10:37:17.947Z
Learning: hanabi1224 prefers having default timeouts (like 10m for --no-progress-timeout) to prevent commands from hanging indefinitely, even when the timeout flag isn't explicitly provided by users. This fail-fast approach is preferred over requiring explicit flag usage.

[hanabi1224]

@coderabbitai is the if condition correct now?

[coderabbitai]

@hanabi1224, yes, the if condition is now correct! ✅

The current condition:

if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}

Works as intended:

• Push to main: github.event_name != 'pull_request' is true → job runs ✅
• Merge group: github.event_name != 'pull_request' is true → job runs ✅
• Same-repo PR: First condition is false, but github.event.pull_request.head.repo.full_name == github.repository is true → job runs ✅
• Fork PR: Both conditions are false → job is skipped ✅

The comment is also accurate and the typo is fixed. This will properly deploy docs for all non-fork events while preventing fork PRs from attempting to use the Cloudflare secret.

---

🧠 Learnings used

Learnt from: hanabi1224
Repo: ChainSafe/forest PR: 5930
File: build.rs:64-77
Timestamp: 2025-08-13T09:43:20.301Z
Learning: hanabi1224 prefers hard compile-time errors in build scripts rather than runtime safeguards or collision detection, believing it's better to fail fast and fix root causes of issues like malformed snapshot names.

---

Learnt from: hanabi1224
Repo: ChainSafe/forest PR: 6057
File: src/cli/subcommands/f3_cmd.rs:0-0
Timestamp: 2025-09-09T10:37:17.947Z
Learning: hanabi1224 prefers having default timeouts (like 10m for --no-progress-timeout) to prevent commands from hanging indefinitely, even when the timeout flag isn't explicitly provided by users. This fail-fast approach is preferred over requiring explicit flag usage.

[LesnyRumcajs]

Will this run on push?

[hanabi1224]

Yes