fix: ensure integration tests and security scans run on all branches

- Added push and pull_request triggers to integration test workflows (waf, cerberus, crowdsec, rate-limit) - Added push and pull_request triggers to security scan workflows (security-pr, supply-chain-pr) - Implemented logic to locate build artifacts when triggered directly via push/PR - Ensured consistent testing coverage across main, development, feature, and hotfix branches
2026-02-06 01:29:27 +00:00
parent 0696507415
commit a14e0966e6
6 changed files with 118 additions and 36 deletions
--- a/.github/workflows/cerberus-integration.yml
+++ b/.github/workflows/cerberus-integration.yml
@@ -6,7 +6,9 @@ on:
  workflow_run:
    workflows: ["Docker Build, Publish & Test"]
    types: [completed]
-    branches: [main, development, 'feature/**', 'hotfix/**']  # Explicit branch filter prevents unexpected triggers
+    branches: [main, development, 'feature/**', 'hotfix/**']
+  push:
+    branches: [main, development, 'feature/**', 'hotfix/**']
  pull_request:
    branches: [main, development, 'feature/**', 'hotfix/**']
  # Allow manual trigger for debugging
@@ -39,9 +41,9 @@ jobs:
      - name: Determine image tag
        id: determine-tag
        env:
-          EVENT: ${{ github.event.workflow_run.event }}
-          REF: ${{ github.event.workflow_run.head_branch }}
-          SHA: ${{ github.event.workflow_run.head_sha }}
+          EVENT: ${{ github.event.workflow_run.event || github.event_name }}
+          REF: ${{ github.event.workflow_run.head_branch || github.ref_name }}
+          SHA: ${{ github.event.workflow_run.head_sha || github.sha }}
          MANUAL_TAG: ${{ inputs.image_tag }}
        run: |
          # Manual trigger uses provided tag
@@ -63,6 +65,11 @@ jobs:
            # Use native pull_requests array (no API calls needed)
            PR_NUM=$(echo '${{ toJson(github.event.workflow_run.pull_requests) }}' | jq -r '.[0].number')

+            # Fallback for direct PR trigger
+            if [[ -z "$PR_NUM" || "$PR_NUM" == "null" ]]; then
+               PR_NUM="${{ github.event.number }}"
+            fi
+
            if [[ -z "$PR_NUM" || "$PR_NUM" == "null" ]]; then
              echo "❌ ERROR: Could not determine PR number"
              echo "Event: $EVENT"