Add organization checks and standardize git configurations (#164)

* Add organization checks and standardize git configurations

- Add `if: ${{ github.repository_owner == 'Armbian' }}` to ensure workflows
  only run in the Armbian organization
- Standardize git configurations to use github-actions[bot] identity
- Add explicit permissions declarations where missing
- Update workflows:
  - data-update-base-files-info.yml
  - data-update-download-index.yml
  - data-update-image-info.yml
  - data-update-jira-excerpt.yml
  - data-update-partners-data.yml
  - data-update-rpi-imager-json.yml
  - generate-servers-jsons.yml
  - generate-torrent-tracker-lists.yml
  - infrastructure-mirror-repository-artifacts.yml
  - infrastructure-update-redirector-config.yml
  - web-directory-listing.yml
  - assets-generate-board-thumbnails.yml (all jobs)
  - community-enforce-triage-role.yml
  - community-invite-contributors.yml
  - maintenance-clean-workflow-logs.yml
  - maintenance-watchdog.yml
  - monitoring-runners-status.yml
  - testing-wireless-performance-test.yml

This ensures these workflows only run in the Armbian organization
and prevents execution on forks or other organizations.

Author: igorpecovnik

.github/workflows/assets-generate-board-thumbnails.yml

@@ -27,6 +27,7 @@ jobs:
   Check:
     name: "Check permissions"
     runs-on: ubuntu-24.04
+    if: ${{ github.repository_owner == 'Armbian' }}
     steps:
       - name: "Check permissions"
         uses: armbian/actions/team-check@main
@@ -38,6 +39,7 @@ jobs:
   Boards-index:
     name: "Build boards matrix"
     runs-on: ubuntu-24.04
+    if: ${{ github.repository_owner == 'Armbian' }}
     needs: Check
     outputs:
       matrix: ${{ steps.boards.outputs.JSON_CONTENT }}
@@ -100,6 +102,7 @@ jobs:
   Vendors-index:
     name: "Build vendors matrix"
     runs-on: ubuntu-24.04
+    if: ${{ github.repository_owner == 'Armbian' }}
     needs: Check
     outputs:
       matrix: ${{ steps.vendors.outputs.JSON_CONTENT }}
@@ -174,6 +177,7 @@ jobs:
   Generate-images:
     name: "Maker board & vendor pics"
     runs-on: ubuntu-24.04
+    if: ${{ github.repository_owner == 'Armbian' }}
     needs: [Boards-index, Vendors-index]
     strategy:
       fail-fast: false
@@ -429,6 +433,7 @@ jobs:
   Summary:
     name: "Generate summary report"
     runs-on: ubuntu-24.04
+    if: ${{ github.repository_owner == 'Armbian' }}
     needs: [Boards-index, Vendors-index, Generate-images]
     steps:
       - name: "Download all shard data"

.github/workflows/community-enforce-triage-role.yml

@@ -20,6 +20,7 @@ jobs:
   enforce-triage:
     name: "Enforce Triage"
     runs-on: ubuntu-latest
+    if: ${{ github.repository_owner == 'Armbian' }}
     concurrency:
       group: org-triage-${{ github.workflow }}-${{ github.ref }}
       cancel-in-progress: false

.github/workflows/community-invite-contributors.yml

@@ -12,6 +12,7 @@ on:
 jobs:
   check-eligibility:
     runs-on: ubuntu-latest
+    if: ${{ github.repository_owner == 'Armbian' }}
     steps:
       - name: Collect PR authors from multiple Armbian repositories
         id: get-contributors

.github/workflows/data-update-base-files-info.yml

@@ -14,6 +14,7 @@ jobs:
     name: "Update base-files info"
     runs-on: ubuntu-latest
     timeout-minutes: 30
+    if: ${{ github.repository_owner == 'Armbian' }}
     permissions:
       contents: write
     steps:

.github/workflows/data-update-download-index.yml

@@ -19,6 +19,7 @@ jobs:
   Webindex:
     name: "Generate JSON Index"
     runs-on: ubuntu-24.04
+    if: ${{ github.repository_owner == 'Armbian' }}
 
     env:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/data-update-image-info.yml

@@ -17,6 +17,7 @@ jobs:
   update-image-info:
     name: Update image info data
     runs-on: super
+    if: ${{ github.repository_owner == 'Armbian' }}
     steps:
 
       - name: Fix workspace permissions

.github/workflows/data-update-jira-excerpt.yml

@@ -12,6 +12,7 @@ jobs:
   jira:
     runs-on: ubuntu-24.04
     name: "Get from Armbian Jira"
+    if: ${{ github.repository_owner == 'Armbian' }}
     permissions:
       contents: write
     env:

.github/workflows/data-update-partners-data.yml

@@ -12,6 +12,9 @@ jobs:
   fetch-bigin-data:
     runs-on: ubuntu-latest
     name: "Fetch data"
+    if: ${{ github.repository_owner == 'Armbian' }}
+    permissions:
+      contents: write
     steps:
       - name: Checkout armbian.github.io repository
         uses: actions/checkout@v6
@@ -109,7 +112,7 @@ jobs:
           mkdir -p data/
           cp ${{ github.workspace }}/*.json data/
           git config user.name "github-actions[bot]"
-          git config --global user.email "github-actions@github.com"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
           git add data/platinum-partner.json data/gold-partner.json data/silver-partner.json data/maintainers.json
           git commit -m "Update of Bigin sourced JSON files" || echo "No changes to commit"
           git push

.github/workflows/data-update-rpi-imager-json.yml

@@ -17,6 +17,9 @@ jobs:
 
     name: "Generate JSON Index"
     runs-on: "ubuntu-24.04"
+    if: ${{ github.repository_owner == 'Armbian' }}
+    permissions:
+      contents: write
     steps:
 
       - name: Checkout build framework repository
@@ -132,8 +135,8 @@ jobs:
 
           cp ${{ github.workspace }}/rpi-imager.json data/
 
-          git config --global user.name "github-actions"
-          git config --global user.email "github-actions@github.com"
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
           git add data/.
-          git diff --cached --quiet || git commit -m "Update WEB indes files"
+          git diff --cached --quiet || git commit -m "Update WEB index files"
           git push

.github/workflows/generate-servers-jsons.yml

@@ -12,6 +12,7 @@ jobs:
   generate:
     name: "Generate JSON from NetBox"
     runs-on: ubuntu-24.04
+    if: ${{ github.repository_owner == 'Armbian' }}
 
     env:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}