diff --git a/.github/workflows/auto-add-to-project.yml b/.github/workflows/auto-add-to-project.yml
index 7ae5b43c..658beadc 100644
--- a/.github/workflows/auto-add-to-project.yml
+++ b/.github/workflows/auto-add-to-project.yml
@@ -3,8 +3,6 @@ name: Auto-add issues and PRs to Project on: issues: types: [opened, reopened] - pull_request: - types: [opened, reopened] concurrency: group: ${{ github.workflow }}-${{ github.event.issue.number || github.event.pull_request.number }}
diff --git a/.github/workflows/cerberus-integration.yml b/.github/workflows/cerberus-integration.yml
index 3b7ee23e..3c6bc553 100644
--- a/.github/workflows/cerberus-integration.yml
+++ b/.github/workflows/cerberus-integration.yml
@@ -3,11 +3,6 @@ name: Cerberus Integration # Phase 2-3: Build Once, Test Many - Use registry image instead of building # This workflow now waits for docker-build.yml to complete and pulls the built image on: - workflow_run: - workflows: - - Docker Build, Publish & Test - types: - - completed workflow_dispatch: inputs: image_tag:
diff --git a/.github/workflows/ci-pipeline.yml b/.github/workflows/ci-pipeline.yml
index acf9653d..6b02bf88 100644
--- a/.github/workflows/ci-pipeline.yml
+++ b/.github/workflows/ci-pipeline.yml
@@ -410,7 +410,6 @@ jobs: - integration-crowdsec - integration-waf - integration-ratelimit - if: always() steps: - name: Evaluate integration results run: |
@@ -529,7 +528,6 @@ jobs: - coverage-backend - coverage-frontend - e2e - if: always() steps: - name: Evaluate coverage results run: |
@@ -609,7 +607,6 @@ jobs: runs-on: ubuntu-latest needs: - codecov-upload - if: always() steps: - name: Evaluate Codecov upload results run: |
@@ -751,7 +748,6 @@ jobs: - security-codeql - security-trivy - security-supply-chain - if: always() steps: - name: Evaluate pipeline results run: |
diff --git a/.github/workflows/crowdsec-integration.yml b/.github/workflows/crowdsec-integration.yml
index b8d0edbc..6375d3cd 100644
--- a/.github/workflows/crowdsec-integration.yml
+++ b/.github/workflows/crowdsec-integration.yml
@@ -3,9 +3,6 @@ name: CrowdSec Integration # Phase 2-3: Build Once, Test Many - Use registry image instead of building # This workflow now waits for docker-build.yml to complete and pulls the built image on: - workflow_run: - workflows: ["Docker Build, Publish & Test"] - types: [completed] workflow_dispatch: inputs: image_tag:
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index c9d48503..c9d17b60 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -22,8 +22,6 @@ name: Docker Build, Publish & Test on: workflow_dispatch: - pull_request: - push: concurrency: group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event_name == 'workflow_run' && github.event.workflow_run.head_branch || github.head_ref || github.ref_name }}
diff --git a/.github/workflows/gh_cache_cleanup.yml b/.github/workflows/gh_cache_cleanup.yml
index 07c5d79d..dde5a652 100644
--- a/.github/workflows/gh_cache_cleanup.yml
+++ b/.github/workflows/gh_cache_cleanup.yml
@@ -1,8 +1,11 @@ name: Cleanup github runner caches on closed pull requests on: - pull_request: - types: - - closed + workflow_dispatch: + inputs: + pr_number: + description: 'PR number to clean caches for' + required: true + type: string jobs: cleanup:
@@ -25,4 +28,4 @@ jobs: env: GH_TOKEN: ${{ github.token }} GH_REPO: ${{ github.repository }} - BRANCH: refs/pull/${{ github.event.pull_request.number }}/merge + BRANCH: refs/pull/${{ inputs.pr_number }}/merge
diff --git a/.github/workflows/pr-checklist.yml b/.github/workflows/pr-checklist.yml
index 3ad4f5b3..188841bc 100644
--- a/.github/workflows/pr-checklist.yml
+++ b/.github/workflows/pr-checklist.yml
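Review bot: In gh_cache_cleanup.yml the new `pr_number` input is declared `type: string` and flows straight into `BRANCH: refs/pull/${{ inputs.pr_number }}/merge` (second hunk) with no check that it is a positive integer, so a mistyped or padded value produces a ref that presumably matches no caches, or an unintended ref, without the run failing. Passing the value through `env` instead of interpolating it into the script is the right shape; what is missing is validation, for example `type: number` on the input or a first step that fails unless the value matches `^[0-9]+$`. The step that consumes `$BRANCH` lies outside both hunks, so whether it quotes the variable could not be checked and should be confirmed. The workflow `name` still reads "on closed pull requests" although the trigger is now manual.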
@@ -1,11 +1,15 @@ name: PR Checklist Validation (History Rewrite) on: - pull_request: - types: [opened, edited, synchronize] + workflow_dispatch: + inputs: + pr_number: + description: 'PR number to validate' + required: true + type: string concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number }} + group: ${{ github.workflow }}-${{ inputs.pr_number || github.event.pull_request.number }} cancel-in-progress: true jobs:
@@ -18,11 +22,17 @@ jobs: - name: Validate PR checklist (only for history-rewrite changes) uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + env: + PR_NUMBER: ${{ inputs.pr_number }} with: script: | const owner = context.repo.owner; const repo = context.repo.repo; - const prNumber = context.issue.number; + const prNumber = Number(process.env.PR_NUMBER || context.issue.number); + if (!prNumber) { + core.setFailed('Missing PR number input for workflow_dispatch.'); + return; + } const pr = await github.rest.pulls.get({owner, repo, pull_number: prNumber}); const body = (pr.data && pr.data.body) || ''; 
diff --git a/.github/workflows/rate-limit-integration.yml b/.github/workflows/rate-limit-integration.yml
index ab36a10d..1b093db2 100644
--- a/.github/workflows/rate-limit-integration.yml
+++ b/.github/workflows/rate-limit-integration.yml
@@ -3,9 +3,6 @@ name: Rate Limit integration # Phase 2-3: Build Once, Test Many - Use registry image instead of building # This workflow now waits for docker-build.yml to complete and pulls the built image on: - workflow_run: - workflows: ["Docker Build, Publish & Test"] - types: [completed] workflow_dispatch: inputs: image_tag:
diff --git a/.github/workflows/renovate_prune.yml b/.github/workflows/renovate_prune.yml
index dea92e98..7bad9eea 100644
--- a/.github/workflows/renovate_prune.yml
+++ b/.github/workflows/renovate_prune.yml
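Review bot: In pr-checklist.yml the guard `if (!prNumber)` after `Number(process.env.PR_NUMBER || context.issue.number)` only rejects empty, zero and non-numeric input; values such as `1.5`, `-3`, `0x10` or `1e3` convert to a truthy number and are passed on to `github.rest.pulls.get`. A stricter guard, `if (!Number.isInteger(prNumber) || prNumber <= 0) {`, fails the run with the intended message instead of an API error. With `pull_request` removed from `on:` and the input marked `required: true`, the `|| context.issue.number` fallback here and the `|| github.event.pull_request.number` fallback in the concurrency group (first hunk) appear to be unreachable and could be dropped or commented as intentional. The script body continues past the end of the hunk, so later uses of `prNumber` were not reviewed.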
@@ -4,8 +4,6 @@ on: workflow_dispatch: schedule: - cron: '0 3 * * *' # daily at 03:00 UTC - pull_request: - types: [closed] # also run when any PR is closed (makes pruning near-real-time) permissions: contents: write # required to delete branch refs
diff --git a/.github/workflows/security-pr.yml b/.github/workflows/security-pr.yml
index 2603c074..b0732348 100644
--- a/.github/workflows/security-pr.yml
+++ b/.github/workflows/security-pr.yml
@@ -10,11 +10,6 @@ on: description: 'PR number to scan (optional)' required: false type: string - workflow_run: - workflows: - - Docker Build, Publish & Test - types: - - completed concurrency: group: security-pr-${{ github.event.workflow_run.event || github.event_name }}-${{ github.event.workflow_run.head_branch || github.ref }}
diff --git a/.github/workflows/supply-chain-pr.yml b/.github/workflows/supply-chain-pr.yml
index 6be33630..e3d94dc1 100644
--- a/.github/workflows/supply-chain-pr.yml
+++ b/.github/workflows/supply-chain-pr.yml
@@ -9,11 +9,6 @@ on: description: "PR number to verify (optional, will auto-detect from workflow_run)" required: false type: string - workflow_run: - workflows: - - Docker Build, Publish & Test - types: - - completed concurrency: group: supply-chain-pr-${{ github.event.workflow_run.event || github.event_name }}-${{ github.event.workflow_run.head_branch || github.ref }}
diff --git a/.github/workflows/waf-integration.yml b/.github/workflows/waf-integration.yml
index 668cba33..3d862d50 100644
--- a/.github/workflows/waf-integration.yml
+++ b/.github/workflows/waf-integration.yml
@@ -3,9 +3,6 @@ name: WAF integration # Phase 2-3: Build Once, Test Many - Use registry image instead of building # This workflow now waits for docker-build.yml to complete and pulls the built image on: - workflow_run: - workflows: ["Docker Build, Publish & Test"] - types: [completed] workflow_dispatch: inputs: image_tag: