akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity

chore: update workflows to trigger on completion of Docker Build, Publish & Test

Browse Source
This commit is contained in:
GitHub Actions
2026-02-08 02:48:55 +00:00
parent cbf61acfef
commit 5ab66ddbc1
14 changed files with 129 additions and 154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
.github/workflows/auto-changelog.yml vendored
View File

@@ -1,20 +1,25 @@
name: Auto Changelog (Release Drafter)
on:
push:
workflow_run:
workflows: ["Docker Build, Publish & Test"]
types: [completed]
branches: [ main ]
release:
types: [published]
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.ref_name }}
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.workflow_run.head_branch || github.head_ref || github.ref_name }}
cancel-in-progress: true
jobs:
update-draft:
runs-on: ubuntu-latest
if: ${{ github.event_name != 'workflow_run' || (github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == 'main') }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Draft Release
uses: release-drafter/release-drafter@6db134d15f3909ccc9eefd369f02bd1e9cffdf97 # v6
env:

8
.github/workflows/auto-versioning.yml vendored
View File

@@ -8,11 +8,13 @@ name: Auto Versioning and Release
# ⚠️ Major version bumps are intentionally disabled in automation to prevent accidents.
on:
push:
workflow_run:
workflows: ["Docker Build, Publish & Test"]
types: [completed]
branches: [ main ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
group: ${{ github.workflow }}-${{ github.event.workflow_run.head_branch || github.ref }}
cancel-in-progress: false # Don't cancel in-progress releases
permissions:
@@ -21,11 +23,13 @@ permissions:
jobs:
version:
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == 'main' }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Calculate Semantic Version
id: semver

22
.github/workflows/benchmark.yml vendored
View File

@@ -1,22 +1,13 @@
name: Go Benchmark
on:
push:
branches:
- main
- development
- 'feature/**'
- 'hotfix/**'
pull_request:
branches:
- main
- development
- 'feature/**'
- 'hotfix/**'
workflow_run:
workflows: ["Docker Build, Publish & Test"]
types: [completed]
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.workflow_run.head_branch || github.ref }}
cancel-in-progress: true
env:
@@ -31,6 +22,7 @@ jobs:
benchmark:
name: Performance Regression Check
runs-on: ubuntu-latest
if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
# Grant write permissions for storing benchmark results (only used on push via step condition)
# Note: GitHub Actions doesn't support dynamic expressions in permissions block
permissions:
@@ -38,6 +30,8 @@ jobs:
deployments: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Set up Go
uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
@@ -52,7 +46,7 @@ jobs:
- name: Store Benchmark Result
# Only store results on pushes to main - PRs just run benchmarks without storage
# This avoids gh-pages branch errors and permission issues on fork PRs
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
if: github.event.workflow_run.event == 'push' && github.event.workflow_run.head_branch == 'main'
# Security: Pinned to full SHA for supply chain security
uses: benchmark-action/github-action-benchmark@4e0b38bc48375986542b13c0d8976b7b80c60c00 # v1
with:

23
.github/workflows/codecov-upload.yml vendored
View File

@@ -1,21 +1,12 @@
name: Upload Coverage to Codecov (Push only)
name: Upload Coverage to Codecov
on:
push:
branches:
- main
- development
- 'feature/**'
- 'hotfix/**'
pull_request:
branches:
- main
- development
- 'feature/**'
- 'hotfix/**'
workflow_run:
workflows: ["Docker Build, Publish & Test"]
types: [completed]
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.ref_name }}
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.workflow_run.head_branch || github.head_ref || github.ref_name }}
cancel-in-progress: true
env:
@@ -31,11 +22,13 @@ jobs:
name: Backend Codecov Upload
runs-on: ubuntu-latest
timeout-minutes: 15
if: ${{ github.event.workflow_run.conclusion == 'success' }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Set up Go
uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
@@ -63,11 +56,13 @@ jobs:
name: Frontend Codecov Upload
runs-on: ubuntu-latest
timeout-minutes: 15
if: ${{ github.event.workflow_run.conclusion == 'success' }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Set up Node.js
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6

22
.github/workflows/codeql.yml vendored
View File

@@ -1,23 +1,14 @@
name: CodeQL - Analyze
on:
push:
branches:
- main
- development
- 'feature/**'
- 'hotfix/**'
pull_request:
branches:
- main
- development
- 'feature/**'
- 'hotfix/**'
workflow_run:
workflows: ["Docker Build, Publish & Test"]
types: [completed]
schedule:
- cron: '0 3 * * 1'
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.ref_name }}
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.workflow_run.head_branch || github.head_ref || github.ref_name }}
cancel-in-progress: true
env:
@@ -35,7 +26,8 @@ jobs:
name: CodeQL analysis (${{ matrix.language }})
runs-on: ubuntu-latest
# Skip forked PRs where CHARON_TOKEN lacks security-events permissions
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false
if: >-
(github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success')
permissions:
contents: read
security-events: write
@@ -48,6 +40,8 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Initialize CodeQL
uses: github/codeql-action/init@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4

4
.github/workflows/docker-lint.yml vendored
View File

@@ -3,12 +3,8 @@ name: Docker Lint
on:
push:
branches: [ main, development, 'feature/**', 'hotfix/**' ]
paths:
- 'Dockerfile'
pull_request:
branches: [ main, development, 'feature/**', 'hotfix/**' ]
paths:
- 'Dockerfile'
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.ref_name }}

23
.github/workflows/docs-to-issues.yml vendored
View File

@@ -1,16 +1,9 @@
name: Convert Docs to Issues
on:
push:
branches:
- main
- development
- feature/**
paths:
- 'docs/issues/**/*.md'
- '!docs/issues/created/**'
- '!docs/issues/_TEMPLATE.md'
- '!docs/issues/README.md'
workflow_run:
workflows: ["Docker Build, Publish & Test"]
types: [completed]
# Allow manual trigger
workflow_dispatch:
@@ -26,7 +19,7 @@ on:
type: string
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
group: ${{ github.workflow }}-${{ github.event.workflow_run.head_branch || github.ref }}
cancel-in-progress: false
env:
@@ -41,13 +34,14 @@ jobs:
convert-docs:
name: Convert Markdown to Issues
runs-on: ubuntu-latest
if: github.actor != 'github-actions[bot]'
if: github.actor != 'github-actions[bot]' && (github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success')
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 2
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Set up Node.js
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
@@ -60,10 +54,13 @@ jobs:
- name: Detect changed files
id: changes
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
env:
COMMIT_SHA: ${{ github.event.workflow_run.head_sha || github.sha }}
with:
script: |
const fs = require('fs');
const path = require('path');
const commitSha = process.env.COMMIT_SHA || context.sha;
// Manual file specification
const manualFile = '${{ github.event.inputs.file_path }}';
@@ -81,7 +78,7 @@ jobs:
const { data: commit } = await github.rest.repos.getCommit({
owner: context.repo.owner,
repo: context.repo.repo,
ref: context.sha
ref: commitSha
});
const changedFiles = (commit.files || [])

26
.github/workflows/docs.yml vendored
View File

@@ -1,20 +1,9 @@
name: Deploy Documentation to GitHub Pages
on:
push:
branches:
- '**'
paths:
- 'docs/**'
- 'README.md'
- '.github/workflows/docs.yml'
pull_request:
branches:
- '**'
paths:
- 'docs/**'
- 'README.md'
- '.github/workflows/docs.yml'
workflow_run:
workflows: ["Docker Build, Publish & Test"]
types: [completed]
workflow_dispatch: # Allow manual trigger
# Sets permissions to allow deployment to GitHub Pages
@@ -25,7 +14,7 @@ permissions:
# Allow only one concurrent deployment
concurrency:
group: "pages-${{ github.event_name }}-${{ github.ref }}"
group: "pages-${{ github.event_name }}-${{ github.event.workflow_run.head_branch || github.ref }}"
cancel-in-progress: false
env:
@@ -36,6 +25,7 @@ jobs:
name: Build Documentation
runs-on: ubuntu-latest
timeout-minutes: 10
if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
env:
REPO_NAME: ${{ github.event.repository.name }}
@@ -43,6 +33,8 @@ jobs:
# Step 1: Get the code
- name: 📥 Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
# Step 2: Set up Node.js (for building any JS-based doc tools)
- name: 🔧 Set up Node.js
@@ -366,7 +358,9 @@ jobs:
deploy:
name: Deploy to GitHub Pages
if: github.ref == 'refs/heads/main'
if: >-
(github.event_name == 'workflow_run' && github.event.workflow_run.head_branch == 'main') ||
(github.event_name != 'workflow_run' && github.ref == 'refs/heads/main')
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}

11
.github/workflows/dry-run-history-rewrite.yml vendored
View File

@@ -1,16 +1,15 @@
name: History Rewrite Dry-Run
on:
push:
branches: [main, development, 'feature/**', 'hotfix/**']
pull_request:
types: [opened, synchronize, reopened]
workflow_run:
workflows: ["Docker Build, Publish & Test"]
types: [completed]
schedule:
- cron: '0 2 * * *' # daily at 02:00 UTC
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.ref_name }}
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.workflow_run.head_branch || github.head_ref || github.ref_name }}
cancel-in-progress: true
permissions:
@@ -20,11 +19,13 @@ jobs:
preview-history:
name: Dry-run preview for history rewrite
runs-on: ubuntu-latest
if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }}
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Debug git info
run: |

34
.github/workflows/e2e-tests-split.yml vendored
View File

@@ -16,23 +16,6 @@ on:
workflow_run:
workflows: ["Docker Build, Publish & Test"]
types: [completed]
push:
branches: [main, development, 'feature/**', 'hotfix/**']
paths:
- 'frontend/**'
- 'backend/**'
- 'tests/**'
- 'playwright.config.js'
- '.github/workflows/e2e-tests-split.yml'
pull_request:
branches: [main, development, 'feature/**', 'hotfix/**']
paths:
- 'frontend/**'
- 'backend/**'
- 'tests/**'
- 'playwright.config.js'
- '.github/workflows/e2e-tests-split.yml'
workflow_dispatch:
inputs:
browser:
@@ -67,7 +50,7 @@ env:
CI_LOG_LEVEL: 'verbose'
concurrency:
group: e2e-split-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
group: e2e-split-${{ github.workflow }}-${{ github.event.workflow_run.pull_requests[0].number || github.event.pull_request.number || github.event.workflow_run.head_branch || github.head_ref || github.ref_name }}
cancel-in-progress: true
jobs:
@@ -75,11 +58,14 @@ jobs:
build:
name: Build Application
runs-on: ubuntu-latest
if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
outputs:
image_digest: ${{ steps.build-image.outputs.digest }}
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Set up Go
uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
@@ -154,6 +140,8 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Set up Node.js
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
@@ -312,6 +300,8 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Set up Node.js
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
@@ -478,6 +468,8 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Set up Node.js
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
@@ -656,6 +648,8 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Set up Node.js
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
@@ -811,6 +805,8 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Set up Node.js
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
@@ -974,6 +970,8 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Set up Node.js
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6

19
.github/workflows/history-rewrite-tests.yml vendored
View File

@@ -1,31 +1,24 @@
name: History Rewrite Tests
on:
push:
branches:
- main
- development
- 'feature/**'
- 'hotfix/**'
pull_request:
branches:
- main
- development
- 'feature/**'
- 'hotfix/**'
workflow_run:
workflows: ["Docker Build, Publish & Test"]
types: [completed]
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.ref_name }}
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.workflow_run.head_branch || github.head_ref || github.ref_name }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' }}
steps:
- name: Checkout with full history
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Install dependencies
run: |

32
.github/workflows/propagate-changes.yml vendored
View File

@@ -1,13 +1,13 @@
name: Propagate Changes Between Branches
on:
push:
branches:
- main
- development
workflow_run:
workflows: ["Docker Build, Publish & Test"]
types: [completed]
branches: [ main, development ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
group: ${{ github.workflow }}-${{ github.event.workflow_run.head_branch || github.ref }}
cancel-in-progress: false
env:
@@ -22,7 +22,10 @@ jobs:
propagate:
name: Create PR to synchronize branches
runs-on: ubuntu-latest
if: github.actor != 'github-actions[bot]' && github.event.pusher != null
if: >-
github.actor != 'github-actions[bot]' &&
github.event.workflow_run.conclusion == 'success' &&
(github.event.workflow_run.head_branch == 'main' || github.event.workflow_run.head_branch == 'development')
steps:
- name: Set up Node (for github-script)
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
@@ -31,24 +34,27 @@ jobs:
- name: Propagate Changes
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
env:
CURRENT_BRANCH: ${{ github.event.workflow_run.head_branch || github.ref_name }}
CURRENT_SHA: ${{ github.event.workflow_run.head_sha || github.sha }}
with:
script: |
const currentBranch = context.ref.replace('refs/heads/', '');
const currentBranch = process.env.CURRENT_BRANCH || context.ref.replace('refs/heads/', '');
let excludedBranch = null;
// Loop Prevention: Identify if this commit is from a merged PR
try {
const associatedPRs = await github.rest.repos.listPullRequestsAssociatedWithCommit({
const associatedPRs = await github.rest.repos.listPullRequestsAssociatedWithCommit({
owner: context.repo.owner,
repo: context.repo.repo,
commit_sha: context.sha,
commit_sha: process.env.CURRENT_SHA || context.sha,
});
// If the commit comes from a PR, we identify the source branch
// so we don't try to merge changes back into it immediately.
if (associatedPRs.data.length > 0) {
excludedBranch = associatedPRs.data[0].head.ref;
core.info(`Commit ${context.sha} is associated with PR #${associatedPRs.data[0].number} coming from '${excludedBranch}'. This branch will be excluded from propagation to prevent loops.`);
core.info(`Commit ${process.env.CURRENT_SHA || context.sha} is associated with PR #${associatedPRs.data[0].number} coming from '${excludedBranch}'. This branch will be excluded from propagation to prevent loops.`);
}
} catch (err) {
core.warning(`Failed to check associated PRs: ${err.message}`);
@@ -197,6 +203,6 @@ jobs:
await createPR('development', targetBranch);
}
}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CHARON_TOKEN: ${{ secrets.CHARON_TOKEN }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CHARON_TOKEN: ${{ secrets.CHARON_TOKEN }}

42
.github/workflows/quality-checks.yml vendored
View File

@@ -4,21 +4,9 @@ on:
workflow_run:
workflows: ["Docker Build, Publish & Test"]
types: [completed]
push:
branches:
- main
- development
- 'feature/**'
- 'hotfix/**'
pull_request:
branches:
- main
- development
- 'feature/**'
- 'hotfix/**'
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.ref_name }}
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.workflow_run.head_branch || github.head_ref || github.ref_name }}
cancel-in-progress: true
permissions:
@@ -34,8 +22,11 @@ jobs:
backend-quality:
name: Backend (Go)
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Set up Go
uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
@@ -75,7 +66,7 @@ jobs:
echo '```' >> $GITHUB_STEP_SUMMARY
fi
# Codecov upload moved to `codecov-upload.yml` which is push-only.
# Codecov upload moved to `codecov-upload.yml` (Docker Build-gated).
- name: Run golangci-lint
@@ -135,10 +126,12 @@ jobs:
frontend-quality:
name: Frontend (React)
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Repo health check
run: |
@@ -154,15 +147,24 @@ jobs:
- name: Check if frontend was modified in PR
id: check-frontend
run: |
if [ "${{ github.event_name }}" = "push" ]; then
EVENT_NAME="${{ github.event.workflow_run.event || github.event_name }}"
BASE_REF="${{ github.event.workflow_run.pull_requests[0].base.ref || github.event.pull_request.base.ref }}"
if [ "$EVENT_NAME" = "push" ]; then
echo "frontend_changed=true" >> $GITHUB_OUTPUT
exit 0
fi
# Try to fetch the PR base ref. This may fail for forked PRs or other cases.
git fetch origin ${{ github.event.pull_request.base.ref }} --depth=1 || true
if [ -n "$BASE_REF" ]; then
git fetch origin "$BASE_REF" --depth=1 || true
fi
# Compute changed files against the PR base ref, fallback to origin/main, then fallback to last 10 commits
CHANGED=$(git diff --name-only origin/${{ github.event.pull_request.base.ref }}...HEAD 2>/dev/null || echo "")
if [ -n "$BASE_REF" ]; then
CHANGED=$(git diff --name-only "origin/${BASE_REF}"...HEAD 2>/dev/null || echo "")
else
CHANGED=""
fi
echo "Changed files (base ref):\n$CHANGED"
if [ -z "$CHANGED" ]; then
@@ -186,13 +188,13 @@ jobs:
- name: Install dependencies
working-directory: frontend
if: ${{ github.event_name == 'push' || steps.check-frontend.outputs.frontend_changed == 'true' }}
if: ${{ github.event.workflow_run.event == 'push' || steps.check-frontend.outputs.frontend_changed == 'true' }}
run: npm ci
- name: Run frontend tests and coverage
id: frontend-tests
working-directory: ${{ github.workspace }}
if: ${{ github.event_name == 'push' || steps.check-frontend.outputs.frontend_changed == 'true' }}
if: ${{ github.event.workflow_run.event == 'push' || steps.check-frontend.outputs.frontend_changed == 'true' }}
run: |
bash scripts/frontend-test-coverage.sh 2>&1 | tee frontend/test-output.txt
exit ${PIPESTATUS[0]}
@@ -218,7 +220,7 @@ jobs:
echo '```' >> $GITHUB_STEP_SUMMARY
fi
# Codecov upload moved to `codecov-upload.yml` which is push-only.
# Codecov upload moved to `codecov-upload.yml` (Docker Build-gated).

8
.github/workflows/security-pr.yml vendored
View File

@@ -9,10 +9,6 @@ on:
types:
- completed
branches: [main, development, 'feature/**', 'hotfix/**']
push:
branches: [main, development, 'feature/**', 'hotfix/**']
pull_request:
branches: [main, development, 'feature/**', 'hotfix/**']
workflow_dispatch:
inputs:
@@ -33,8 +29,6 @@ jobs:
# Run for: manual dispatch, PR builds, or any push builds from docker-build
if: >-
github.event_name == 'workflow_dispatch' ||
github.event_name == 'push' ||
github.event_name == 'pull_request' ||
((github.event.workflow_run.event == 'pull_request' || github.event.workflow_run.event == 'push') &&
github.event.workflow_run.conclusion == 'success')
@@ -48,6 +42,8 @@ jobs:
- name: Checkout repository
# actions/checkout v4.2.2
uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98
with:
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
- name: Extract PR number from workflow_run
id: pr-info