From c07d1f2223897d2fa5983423bbe73ac73a624fee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franz=20W=C3=B6llert?=
Date: Tue, 26 Mar 2024 14:14:31 +0100
Subject: [PATCH] ci: Protect workflows via CODEOWNERS and explicit user matching (#240)
---
 .github/workflows/{pr_agent.yml => pr-agent.yml} | 1 +
 .github/workflows/release-please.yml | 3 ++-
 CODEOWNERS | 3 +++
 3 files changed, 6 insertions(+), 1 deletion(-)
 rename .github/workflows/{pr_agent.yml => pr-agent.yml} (84%)
 create mode 100644 CODEOWNERS
diff --git a/.github/workflows/pr_agent.yml b/.github/workflows/pr-agent.yml
similarity index 84%
rename from .github/workflows/pr_agent.yml
rename to .github/workflows/pr-agent.yml
index 2805a8f8..eaac61fa 100644
--- a/.github/workflows/pr_agent.yml
+++ b/.github/workflows/pr-agent.yml
@@ -12,6 +12,7 @@ jobs:
 pull-requests: write
 contents: write
 name: Run pr agent on every pull request, respond to user comments
+ if: (github.actor == 'mansenfranzen') || (github.triggering_actor == 'mansenfranzen')
 steps:
 - name: PR Agent action step
 id: pragent
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index fa100ab9..20e4bfd9 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -1,3 +1,5 @@
+name: Release
+
 on:
 push:
 branches:
@@ -7,7 +9,6 @@ permissions:
 contents: write
 pull-requests: write
-name: release-please
 jobs:
 release-please:
diff --git a/CODEOWNERS b/CODEOWNERS
new file mode 100644
index 00000000..9bd84d25
--- /dev/null
+++ b/CODEOWNERS
@@ -0,0 +1,3 @@
+/.github/workflows/pr-agent.yml @mansenfranzen
+/.github/workflows/release-please.yml @mansenfranzen
+/CODEOWNERS @mansenfranzen
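Review bot: The new job-level `if:` passes when either `github.actor` or `github.triggering_actor` matches, so a run that another account originally triggered still executes this job with `pull-requests: write` and `contents: write` once the owner re-runs it. If only runs the owner both started and re-ran are meant to pass, require both conditions: `if: github.actor == 'mansenfranzen' && github.triggering_actor == 'mansenfranzen'`. The comparison is on the login string; matching the numeric `github.actor_id` would survive an account rename, and a one-line comment above the `if:` should say why the job is restricted. The workflow's `on:` triggers and the rest of the job lie outside the hunk, so which events reach this condition cannot be checked here.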
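Review bot: The three entries in the new CODEOWNERS file name individual files, so any other file under `.github/workflows/`, including a workflow added later, has no code owner; a directory rule such as `/.github/workflows/ @mansenfranzen` would cover them. On its own, CODEOWNERS only requests a review. It blocks a merge only when the branch protection rule for the target branch has "Require review from Code Owners" enabled, which this patch cannot show, so the commit description should state that the setting is on.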