From a6bee7c2b286b34e3a7acd04e24de34d20550fca Mon Sep 17 00:00:00 2001
From: Naoyuki Sogo <sogo@longtail-software.co.jp>
Date: Sat, 6 Jun 2026 19:06:05 +0900
Subject: [PATCH] fix: guard build_and_deploy against non-master PRs

The branches: [master] filter on pull_request_target is evaluated
against github.ref (always the default branch), not the PR's base
branch, so it fires for every merged PR. Add an explicit base.ref
check to the job condition so build and deploy only runs when a PR
is actually merged into master.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/workflows/build_and_deploy.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml
index 8a43efac..7737840b 100644
--- a/.github/workflows/build_and_deploy.yml
+++ b/.github/workflows/build_and_deploy.yml
@@ -7,7 +7,7 @@ on:
       - closed
 jobs:
   build_and_deploy:
-    if: github.event.pull_request.merged == true
+    if: github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'master'
     env:
       DOCKER_USER_NAME: ${{ vars.DOCKER_USER_NAME }}
       DOCKER_CONTAINER_NAME: ${{ vars.DOCKER_CONTAINER_NAME }}