Skip to content

ci: Reduce permissions of semantic-pull-request check #657

ci: Reduce permissions of semantic-pull-request check

ci: Reduce permissions of semantic-pull-request check #657

Workflow file for this run

name: CI
on:
push:
tags:
- v*
branches-ignore:
- gh-pages
pull_request:
branches-ignore:
- gh-pages
schedule:
# Run daily at 01:34, so we get notified if CI is broken before a pull request
# is submitted.
- cron: "34 1 * * *"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
lint:
if: github.event_name == 'schedule' || github.event_name == 'push' || github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id
uses: ./.github/workflows/lint.yml
test:
if: github.event_name == 'schedule' || github.event_name == 'push' || github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id
uses: ./.github/workflows/test.yml
codeql:
if: github.event_name == 'schedule' || github.event_name == 'push' || github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id
uses: ./.github/workflows/codeql.yml
build:
if: github.event_name == 'schedule' || github.event_name == 'push' || github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id
uses: ./.github/workflows/build.yml
# Virtual job that can be configured as a required check before a PR can be merged.
all-required-checks-done:
name: All required checks done
if: ${{ always() }}
needs:
- lint
- test
- codeql
- build
runs-on: ubuntu-latest
steps:
- run: echo "All required checks done"