Limit GitHub actions to repositories in jenkinsci GitHub org (#2587)

No permissions to push to the wiki from other repositories

No permissions to push to the API viewer from other repositories

No significant benefit to security scan on other repositories

Author: MarkEWaite

.github/workflows/api-viewer.yml

@@ -20,7 +20,8 @@ concurrency:
 
 jobs:
   build:
-    if: github.repository_owner == 'jenkinsci'
+    # Only push to GitHub pages from repository in jenkinsci GitHub organization
+    if: ${{ github.repository_owner == 'jenkinsci' }}
     runs-on: ubuntu-latest
     steps:
       - name: Checkout

.github/workflows/jenkins-security-scan.yml

@@ -18,6 +18,8 @@ permissions:
 
 jobs:
   security-scan:
+    # Only run security scan from repository in jenkinsci GitHub organization
+    if: ${{ github.repository_owner == 'jenkinsci' }}
     uses: jenkins-infra/jenkins-security-scan/.github/workflows/jenkins-security-scan.yaml@v2
     with:
       java-cache: 'maven' # Optionally enable use of a build dependency cache. Specify 'maven' or 'gradle' as appropriate.

.github/workflows/wiki.yml

@@ -13,6 +13,8 @@ permissions:
 
 jobs:
   push-to-wiki:
+    # Only push to wiki from repository in jenkinsci GitHub organization
+    if: ${{ github.repository_owner == 'jenkinsci' }}
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo