ci: Reduce permissions of semantic-pull-request check #657
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
tags: | |
- v* | |
branches-ignore: | |
- gh-pages | |
pull_request: | |
branches-ignore: | |
- gh-pages | |
schedule: | |
# Run daily at 01:34, so we get notified if CI is broken before a pull request | |
# is submitted. | |
- cron: "34 1 * * *" | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
lint: | |
if: github.event_name == 'schedule' || github.event_name == 'push' || github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id | |
uses: ./.github/workflows/lint.yml | |
test: | |
if: github.event_name == 'schedule' || github.event_name == 'push' || github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id | |
uses: ./.github/workflows/test.yml | |
codeql: | |
if: github.event_name == 'schedule' || github.event_name == 'push' || github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id | |
uses: ./.github/workflows/codeql.yml | |
build: | |
if: github.event_name == 'schedule' || github.event_name == 'push' || github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id | |
uses: ./.github/workflows/build.yml | |
# Virtual job that can be configured as a required check before a PR can be merged. | |
all-required-checks-done: | |
name: All required checks done | |
if: ${{ always() }} | |
needs: | |
- lint | |
- test | |
- codeql | |
- build | |
runs-on: ubuntu-latest | |
steps: | |
- run: echo "All required checks done" |