diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 490c4cf023..3a138aecab 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -98,9 +98,9 @@ jobs:
         id: generate-metadata-file
         uses: hashicorp/actions-generate-metadata@v1  # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed
         with:
+          repository: boundary
           version: ${{ needs.set-product-version.outputs.product-version }}
           product: ${{ env.PKG_NAME }}
-
       - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: metadata.json
@@ -391,7 +391,7 @@ jobs:
     # Github Actions secrets, it only makes sense to run this workflow when those
     # secrets are available. Any pull requests from forks will not trigger the
     # workflow.
-    if: "! github.event.pull_request.head.repo.fork"
+    if: github.event.pull_request.head.repo.fork != 'true'
     needs:
       - set-product-version
       - product-metadata
@@ -406,7 +406,7 @@ jobs:
     secrets: inherit
   bats:
     uses: ./.github/workflows/test-cli-ui.yml
-    if: "! github.event.pull_request.head.repo.fork"
+    if: github.event.pull_request.head.repo.fork != 'true'
     needs:
       - set-product-version
       - build-linux
diff --git a/.github/workflows/enos-fmt.yml b/.github/workflows/enos-fmt.yml
index 327e693112..0021bcf744 100644
--- a/.github/workflows/enos-fmt.yml
+++ b/.github/workflows/enos-fmt.yml
@@ -13,7 +13,7 @@ jobs:
   fmt_check:
     # Only run this workflow on pull requests from hashicorp/boundary branches
     # as we need secrets to install enos.
-    if: "! github.event.pull_request.head.repo.fork"
+    if: github.event.pull_request.head.repo.fork != 'true'
     runs-on: ${{ fromJSON(vars.RUNNER) }}
     env:
       GITHUB_TOKEN: ${{ secrets.SERVICE_USER_GITHUB_TOKEN }}
diff --git a/.github/workflows/milestone-checker.yml b/.github/workflows/milestone-checker.yml
index c660a97ad6..f457d296b0 100644
--- a/.github/workflows/milestone-checker.yml
+++ b/.github/workflows/milestone-checker.yml
@@ -18,7 +18,7 @@ jobs:
   # checks that a milestone entry is present for a PR
   milestone-check:
     # If there is a `pr/no-milestone` label we ignore this check
-    if: "!contains(github.event.pull_request.labels.*.name, 'pr/no-milestone')"
+    if: contains(github.event.pull_request.labels.*.name, 'pr/no-milestone') != 'true'
     runs-on: ${{ fromJSON(vars.RUNNER) }}
     steps:
       - name: Checkout Actions
diff --git a/.github/workflows/test-ci-cleanup-oss.yml b/.github/workflows/test-ci-cleanup-oss.yml
index bf5ef2486c..6f437924cf 100644
--- a/.github/workflows/test-ci-cleanup-oss.yml
+++ b/.github/workflows/test-ci-cleanup-oss.yml
@@ -34,11 +34,11 @@ jobs:
     container:
       image: rebuy/aws-nuke
       options:
-         --user root
-         -t
+        --user root
+        -t
       env:
-        AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
-        AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
+        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         TIME_LIMIT: "48h"
     timeout-minutes: 60
     steps:
@@ -73,8 +73,8 @@ jobs:
     container:
       image: jantman/awslimitchecker
       env:
-        AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID_CI }}
-        AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY_CI }}
+        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_CI }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}
     strategy:
       matrix:
         region: ${{ fromJSON(needs.setup.outputs.regions) }}