CI: Gate nx workflow to main repo to prevent fork runs

[kasperpeulen]

What I did

Added github.repository == 'storybookjs/storybook' as a top-level guard to the nx workflow job condition. The schedule and push events were not gated to the main repository, so forks with this workflow would trigger unnecessary CI runs consuming Nx Cloud resources. Other scheduled workflows already had similar guards.

Checklist for Contributors

Testing

The changes in this PR are covered in the following automated tests:

• stories
• unit tests
• integration tests
• end-to-end tests

Manual testing

Caution

This section is mandatory for all contributions. If you believe no manual test is necessary, please state so explicitly. Thanks!

No manual testing necessary — this is a CI workflow condition change. Verification will happen automatically when the workflow triggers on the next push to next or scheduled cron run.

Documentation

• Add or update documentation reflecting your changes
• If you are deprecating/removing a feature, make sure to update
  MIGRATION.MD

Checklist for Maintainers

• When this PR is ready for testing, make sure to add ci:normal, ci:merged or ci:daily GH label to it to run a specific set of sandboxes. The particular set of sandboxes can be found in code/lib/cli-storybook/src/sandbox-templates.ts

• Make sure this PR contains one of the labels below:

  Available labels

  • bug: Internal changes that fixes incorrect behavior.
  • maintenance: User-facing maintenance tasks.
  • dependencies: Upgrading (sometimes downgrading) dependencies.
  • build: Internal-facing build tooling & test updates. Will not show up in release changelog.
  • cleanup: Minor cleanup style change. Will not show up in release changelog.
  • documentation: Documentation only changes. Will not show up in release changelog.
  • feature request: Introducing a new feature.
  • BREAKING CHANGE: Changes that break compatibility in some way with current major version.
  • other: Changes that don't fit in the above categories.

🦋 Canary release

This PR does not have a canary release associated. You can request a canary release of this pull request by mentioning the @storybookjs/core team here.

core team members can create a canary release here or locally with gh workflow run --repo storybookjs/storybook publish.yml --field pr=<PR_NUMBER>

Summary by CodeRabbit

• Chores
  • Updated GitHub Actions workflow configuration to incorporate repository-level validation and access controls. The workflow now includes repository name verification as part of its overall job execution conditions while preserving all existing conditional logic for pull request processing, branch-specific deployments, and regularly scheduled task automation.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

---

📝 Walkthrough

Walkthrough

Adds a repository-level guard to .github/workflows/nx.yml, requiring github.repository == 'storybookjs/storybook' and wrapping existing pull_request, push, and schedule condition logic in a combined expression.

Changes

Cohort / File(s)	Summary
GitHub Actions workflow .github/workflows/nx.yml	Adds github.repository == 'storybookjs/storybook' to the job condition, reparenthesizes and wraps existing pull_request / push / schedule checks to restrict runs to the main repository.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• #33471: Also adds a repository/head-repo guard to .github/workflows/nx.yml to prevent workflow runs on forks.
• #33059: Modifies triggers and condition logic in the same .github/workflows/nx.yml workflow.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 8a97a8e

Command	Status	Duration	Result
nx run-many -t compile,check,knip,test,pretty-d...	❌ Failed	10m 17s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-02-19 09:58:25 UTC

[storybook-app-bot]

Package Benchmarks

^{Commit: 8a97a8e, ran on 19 February 2026 at 09:55:56 UTC}

The following packages have significant changes to their size or dependencies:

@storybook/nextjs-vite

	Before	After	Difference
Dependency count	92	92	0
Self size	1.12 MB	1.12 MB	0 B
Dependency size	22.34 MB	22.42 MB	🚨 +81 KB 🚨
Bundle Size Analyzer	Link	Link

@storybook/react-native-web-vite

	Before	After	Difference
Dependency count	124	124	0
Self size	30 KB	30 KB	🎉 -18 B 🎉
Dependency size	23.62 MB	23.70 MB	🚨 +81 KB 🚨
Bundle Size Analyzer	Link	Link

@storybook/react-vite

	Before	After	Difference
Dependency count	82	82	0
Self size	35 KB	35 KB	0 B
Dependency size	20.12 MB	20.20 MB	🚨 +81 KB 🚨
Bundle Size Analyzer	Link	Link