diff --git a/.github/workflows/cd-deploy-nodes-gcp.yml b/.github/workflows/cd-deploy-nodes-gcp.yml
index 1338ed5f7b3..f7d15886293 100644
--- a/.github/workflows/cd-deploy-nodes-gcp.yml
+++ b/.github/workflows/cd-deploy-nodes-gcp.yml
@@ -227,12 +227,9 @@ jobs:
   # - on every push to the `main` branch
   # - on every release, when it's published
   # - on workflow_dispatch for manual deployments
-  
+
   # Determine which networks to deploy based on the trigger
-  
-  
-  
-  :
+  set-matrix:
     runs-on: ubuntu-latest
     outputs:
       networks: ${{ steps.set-networks.outputs.matrix }}
@@ -268,7 +265,7 @@ jobs:
     permissions:
       contents: "read"
       id-token: "write"
-    if: ${{ !cancelled() && !failure() && ((github.event_name == 'push' && github.ref_name == 'main') || github.event_name == 'release' || github.event_name == 'workflow_dispatch') }}
+    if: ${{ !cancelled() && !failure() && github.repository_owner == 'ZcashFoundation' && ((github.event_name == 'push' && github.ref_name == 'main') || github.event_name == 'release' || github.event_name == 'workflow_dispatch') }}
 
     steps:
       - uses: actions/checkout@v4.2.2
diff --git a/.github/workflows/chore-delete-gcp-resources.yml b/.github/workflows/chore-delete-gcp-resources.yml
index 661c8c05093..92d9103480b 100644
--- a/.github/workflows/chore-delete-gcp-resources.yml
+++ b/.github/workflows/chore-delete-gcp-resources.yml
@@ -34,6 +34,7 @@ env:
 jobs:
   delete-resources:
     name: Delete old GCP resources
+    if: github.repository_owner == 'ZcashFoundation'
     runs-on: ubuntu-latest
     permissions:
       contents: 'read'
@@ -105,6 +106,7 @@ jobs:
   # The same artifacts are used for both mainnet and testnet.
   clean-registries:
     name: Delete unused artifacts in registry
+    if: github.repository_owner == 'ZcashFoundation''
     runs-on: ubuntu-latest
     permissions:
       contents: 'read'
diff --git a/.github/workflows/ci-unit-tests-os.yml b/.github/workflows/ci-unit-tests-os.yml
index 6e9dc77d91d..d37328a5c12 100644
--- a/.github/workflows/ci-unit-tests-os.yml
+++ b/.github/workflows/ci-unit-tests-os.yml
@@ -309,7 +309,7 @@ jobs:
     needs: [ test,  install-from-lockfile-no-cache, check-cargo-lock, cargo-deny, unused-deps ]
     # Only open tickets for failed or cancelled jobs that are not coming from PRs.
     # (PR statuses are already reported in the PR jobs list, and checked by GitHub's Merge Queue.)
-    if: (failure() && github.event.pull_request == null) || (cancelled() && github.event.pull_request == null)
+    if: (failure() || cancelled()) && github.repository_owner == 'ZcashFoundation' && github.event.pull_request == null
     runs-on: ubuntu-latest
     steps:
       - uses: jayqi/failed-build-issue-action@v1
diff --git a/.github/workflows/docs-deploy-firebase.yml b/.github/workflows/docs-deploy-firebase.yml
index eca70c4d98b..eecb9ffacf5 100644
--- a/.github/workflows/docs-deploy-firebase.yml
+++ b/.github/workflows/docs-deploy-firebase.yml
@@ -105,6 +105,7 @@ jobs:
 
       # Setup gcloud CLI
       - name: Authenticate to Google Cloud
+        if: github.repository_owner == 'ZcashFoundation'
         id: auth
         uses: google-github-actions/auth@v2.1.8
         with:
@@ -114,11 +115,13 @@ jobs:
       # TODO: remove this step after issue https://github.com/FirebaseExtended/action-hosting-deploy/issues/174 is fixed
 
       - name: Add $GCP_FIREBASE_SA_PATH to env
+        if: github.repository_owner == 'ZcashFoundation'
         run: |
           # shellcheck disable=SC2002
           echo "GCP_FIREBASE_SA_PATH=$(cat ${{ steps.auth.outputs.credentials_file_path }} | tr -d '\n')" >> "$GITHUB_ENV"
 
       - name: Deploy Zebra book to firebase
+        if: github.repository_owner == 'ZcashFoundation'
         uses: FirebaseExtended/action-hosting-deploy@v0.9.0
         with:
           firebaseServiceAccount: ${{ env.GCP_FIREBASE_SA_PATH }}
@@ -163,6 +166,7 @@ jobs:
 
       # Setup gcloud CLI
       - name: Authenticate to Google Cloud
+        if: github.repository_owner == 'ZcashFoundation'
         id: auth
         uses: google-github-actions/auth@v2.1.8
         with:
@@ -171,11 +175,13 @@ jobs:
 
       # TODO: remove this step after issue https://github.com/FirebaseExtended/action-hosting-deploy/issues/174 is fixed
       - name: Add $GCP_FIREBASE_SA_PATH to env
+        if: github.repository_owner == 'ZcashFoundation'
         run: |
           # shellcheck disable=SC2002
           echo "GCP_FIREBASE_SA_PATH=$(cat ${{ steps.auth.outputs.credentials_file_path }} | tr -d '\n')" >> "$GITHUB_ENV"
 
       - name: Deploy internal docs to firebase
+        if: github.repository_owner == 'ZcashFoundation'
         uses: FirebaseExtended/action-hosting-deploy@v0.9.0
         with:
           firebaseServiceAccount: ${{ env.GCP_FIREBASE_SA_PATH }}
diff --git a/.github/workflows/docs-dockerhub-description.yml b/.github/workflows/docs-dockerhub-description.yml
index 754208d6651..8efdaca1d54 100644
--- a/.github/workflows/docs-dockerhub-description.yml
+++ b/.github/workflows/docs-dockerhub-description.yml
@@ -15,6 +15,7 @@ on:
 
 jobs:
   dockerHubDescription:
+    if: github.repository_owner == 'ZcashFoundation'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4.2.2
diff --git a/.github/workflows/sub-build-docker-image.yml b/.github/workflows/sub-build-docker-image.yml
index 1ec1b88c0d2..7a64abaa22b 100644
--- a/.github/workflows/sub-build-docker-image.yml
+++ b/.github/workflows/sub-build-docker-image.yml
@@ -61,6 +61,7 @@ env:
 jobs:
   build:
     name: Build images
+    if: github.repository_owner == 'ZcashFoundation'
     timeout-minutes: 210
     runs-on: ubuntu-latest
     environment: ${{ github.event_name == 'release' && 'prod' || 'dev' }}
@@ -111,7 +112,7 @@ jobs:
             # DockerHub release and CI tags.
             # This tag makes sure tests are using exactly the right image, even when multiple PRs run at the same time.
             type=sha,event=push
-            # These CI-only tags support CI on PRs, the main branch, and scheduled full syncs. 
+            # These CI-only tags support CI on PRs, the main branch, and scheduled full syncs.
             # These tags do not appear on DockerHub, because DockerHub images are only published on the release event.
             type=ref,event=pr
             type=ref,event=branch
diff --git a/.github/workflows/sub-ci-integration-tests-gcp.yml b/.github/workflows/sub-ci-integration-tests-gcp.yml
index 438b32ac235..fde8ef835ca 100644
--- a/.github/workflows/sub-ci-integration-tests-gcp.yml
+++ b/.github/workflows/sub-ci-integration-tests-gcp.yml
@@ -523,7 +523,7 @@ jobs:
         lightwalletd-grpc-test,
         get-block-template-test,
         submit-block-test,
-        scan-task-commands-test,
+        test-scanner,
       ]
     # Only open tickets for failed scheduled jobs, manual workflow runs, or `main` branch merges.
     # (PR statuses are already reported in the PR jobs list, and checked by GitHub's Merge Queue.)