From b30b4f158cb19ff322f7e48414e0e0ddaef399ee Mon Sep 17 00:00:00 2001
From: eyedeekay <hankhill19580@gmail.com>
Date: Fri, 9 May 2025 23:01:47 -0400
Subject: [PATCH] mirror on push

---
 .github/workflows/sync.yaml | 7 +++++++
 pkg/workflow/generator.go   | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/.github/workflows/sync.yaml b/.github/workflows/sync.yaml
index 3de7e96..b44a3c6 100644
--- a/.github/workflows/sync.yaml
+++ b/.github/workflows/sync.yaml
@@ -12,8 +12,12 @@
 
 jobs:
   sync:
+    env:
+      GITHUB_ACTIONS_ENVIRONMENT: ${{ github.action }}
     runs-on: ubuntu-latest
     steps:
+      - name: Security Check
+        run: if [ "$GITHUB_ACTIONS_ENVIRONMENT" == "" ]; then echo "This workflow is only intended to run inside GitHub Actions"; exit 1; fi
       - name: Checkout GitHub Mirror
         uses: actions/checkout@v3
         with:
@@ -61,3 +65,6 @@ name: Sync Primary Repository to GitHub Mirror
   schedule:
     - cron: 0 * * * *
   workflow_dispatch: {}
+permissions:
+  actions: read
+  contents: write
diff --git a/pkg/workflow/generator.go b/pkg/workflow/generator.go
index 38935cf..e05db2a 100644
--- a/pkg/workflow/generator.go
+++ b/pkg/workflow/generator.go
@@ -81,6 +81,9 @@ func generateWorkflowYAML(data WorkflowTemplate) (string, error) {
 	workflow := map[string]interface{}{
 		"name": "Sync Primary Repository to GitHub Mirror",
 		"on": map[string]interface{}{
+			"push": map[string]interface{}{
+				"branches": []string{data.MirrorBranch},
+			},
 			"schedule": []map[string]string{
 				{"cron": data.CronSchedule},
 			},