ci: use pull_request as trigger to code analysis workflows
juarezr committed Mar 14, 2024
1 parent 84e28f2 commit 23de056
Showing 3 changed files with 30 additions and 27 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/codacy-analysis.yml
Expand Up @@ -16,11 +16,11 @@ name: Codacy Security Scan
on:
schedule:
- cron: '59 11 27 * *'
# push:
# branches: [ "master" ]
# pull_request:
# branches: [ "master" ]
# types: [opened, reopened, synchronize, ready_for_review]
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
types: [opened, reopened, synchronize, ready_for_review]
# workflow_run:
# workflows: [Test Changes]
# types:
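Review bot: In the `pull_request` block, `types: [opened, reopened, synchronize, ready_for_review]` adds `ready_for_review`, but nothing in this hunk skips draft pull requests, so a draft is already scanned on `opened` and on every `synchronize`, and marking it ready only triggers one more run of the same scan. If the intent is to scan only reviewable pull requests, gate the job with `if: github.event.pull_request.draft == false`; otherwise drop `ready_for_review` and rely on the default types.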
10 changes: 5 additions & 5 deletions .github/workflows/codeql-analysis.yml
Expand Up @@ -14,11 +14,11 @@ name: "CodeQL"
on:
schedule:
- cron: '59 10 27 * *'
# push:
# branches: [ "master" ]
# pull_request:
# branches: [ "master" ]
# types: [opened, reopened, synchronize, ready_for_review]
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
types: [opened, reopened, synchronize, ready_for_review]
# workflow_run:
# workflows: [Test Changes]
# types:
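Review bot: The commented `# workflow_run:` / `# workflows: [Test Changes]` block left directly under the new `pull_request` trigger is now a stale alternative. With `push` and `pull_request` enabled, the CodeQL scan starts on its own and no longer waits for Test Changes, so either delete the commented block or add a one-line comment saying why it is kept and under what condition it would replace the current triggers.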
37 changes: 20 additions & 17 deletions .github/workflows/test-changes.yml
Expand Up @@ -202,21 +202,24 @@ jobs:
cd docs
sphinx-build -W -b singlehtml -d ../build/doctrees . ../build/singlehtml
call-workflow-codeql:
needs: test-source-code
uses: ./.github/workflows/codeql-analysis.yml
permissions:
actions: read
contents: read
pull-requests: write
security-events: write

call-workflow-codacity:
needs: test-source-code
uses: ./.github/workflows/codacy-analysis.yml
permissions:
actions: read
contents: read
pull-requests: write
security-events: write
# TODO: 1 configuration not found: https://docs.github.com/en/actions/using-workflows/reusing-workflows#overview
# call-workflow-codeql:
# needs: test-source-code
# uses: ./.github/workflows/codeql-analysis.yml
# permissions:

Check notice (Code scanning / Checkov, reported by Codacy): Ensure top-level permissions are not set to write-all
# actions: read
# contents: read
# pull-requests: write
# security-events: write
# secrets: inherit # pass all secrets

# call-workflow-codacity:
# needs: test-source-code
# uses: ./.github/workflows/codacy-analysis.yml
# permissions:
# actions: read
# contents: read
# pull-requests: write
# security-events: write
# secrets: inherit # pass all secrets
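Review bot: The commented-out `call-workflow-codeql` and `call-workflow-codacity` jobs each gain `# secrets: inherit # pass all secrets`, which the removed jobs did not have; if these calls are re-enabled as written, all of the caller's secrets are handed to the called workflow. Pass only the secrets each analysis needs by name under `secrets:`, and since this commit moves the scans to their own `push`/`pull_request` triggers, consider deleting the two blocks instead of keeping them as comments behind a TODO. The job name `call-workflow-codacity` also looks like a typo for Codacy.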
