From 301b5972d90c2ba45f4ba1ab698ca3a31cdfcae0 Mon Sep 17 00:00:00 2001
From: GitHub Actions <actions@github.com>
Date: Fri, 6 Feb 2026 03:42:26 +0000
Subject: [PATCH] fix: enable supply-chain-pr workflow for direct push and pr
 events

Updated the job-level if condition in the Supply Chain Verification (PR) workflow to explicitly allow execution on push and pull_request events.

Previously, the condition only permitted workflow_dispatch or workflow_run events, causing the workflow to skip despite being triggered by pushes or PRs.
This change ensures the verification runs immediately when code is pushed or a PR is opened, as intended by the workflow's trigger configuration.
---
 .github/workflows/supply-chain-pr.yml                  | 7 +++++--
 scripts/{install-go-1.25.6.sh => install-go-1.25.7.sh} | 4 ++--
 2 files changed, 7 insertions(+), 4 deletions(-)
 rename scripts/{install-go-1.25.6.sh => install-go-1.25.7.sh} (95%)

diff --git a/.github/workflows/supply-chain-pr.yml b/.github/workflows/supply-chain-pr.yml
index 8cfbb7ed..80ab7ff4 100644
--- a/.github/workflows/supply-chain-pr.yml
+++ b/.github/workflows/supply-chain-pr.yml
@@ -35,10 +35,13 @@ jobs:
     name: Verify Supply Chain
     runs-on: ubuntu-latest
     timeout-minutes: 15
-    # Run for: manual dispatch, PR builds, or any push builds from docker-build
+    # Run for: manual dispatch, direct push/PR, or successful workflow_run triggered by push/PR
     if: >
       github.event_name == 'workflow_dispatch' ||
-      ((github.event.workflow_run.event == 'pull_request' || github.event.workflow_run.event == 'push') &&
+      github.event_name == 'push' ||
+      github.event_name == 'pull_request' ||
+      (github.event_name == 'workflow_run' &&
+       (github.event.workflow_run.event == 'pull_request' || github.event.workflow_run.event == 'push') &&
        github.event.workflow_run.conclusion == 'success')
 
     steps:
diff --git a/scripts/install-go-1.25.6.sh b/scripts/install-go-1.25.7.sh
similarity index 95%
rename from scripts/install-go-1.25.6.sh
rename to scripts/install-go-1.25.7.sh
index 43d5a88c..e4ecb48b 100755
--- a/scripts/install-go-1.25.6.sh
+++ b/scripts/install-go-1.25.7.sh
@@ -2,9 +2,9 @@
 set -euo pipefail
 
 # Script to install go 1.25.7 to /usr/local/go
-# Usage: sudo ./scripts/install-go-1.25.6.sh
+# Usage: sudo ./scripts/install-go-1.25.7.sh
 
-GO_VERSION="1.25.6"
+GO_VERSION="1.25.7"
 ARCH="linux-amd64"
 TARFILE="go${GO_VERSION}.${ARCH}.tar.gz"
 TMPFILE="/tmp/${TARFILE}"