From c6e2b5d24e8f2d595329cc1cf4868c3978a90de3 Mon Sep 17 00:00:00 2001
From: chris3ware <36608309+chris3ware@users.noreply.github.com>
Date: Wed, 26 Mar 2025 09:13:55 +0000
Subject: [PATCH 1/2] feat(dep-review): Add workflow_call trigger
---
 .github/workflows/dependency-review.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
index d00ef834..4a621c8c 100644
--- a/.github/workflows/dependency-review.yaml
+++ b/.github/workflows/dependency-review.yaml
@@ -6,6 +6,7 @@
 # Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
 name: Dependency Review
 on:
+ workflow_call: {}
 pull_request_target:
 types: [opened, reopened, synchronize]
 branches: [main]
@@ -14,7 +15,7 @@ on:
 permissions: {}
 concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref }}
+ group: dep-review-${{ github.workflow }}-${{ github.head_ref }}
 cancel-in-progress: true
 jobs:
From 895cc052f77fdd6be8d34be3e67d6adf3e86450c Mon Sep 17 00:00:00 2001
From: chris3ware <36608309+chris3ware@users.noreply.github.com>
Date: Wed, 26 Mar 2025 09:14:45 +0000
Subject: [PATCH 2/2] chore(workflows): Follow 3ware style guide for attribute order
---
 .github/workflows/pr-check.yaml | 2 +-
 .github/workflows/release.yaml | 2 +-
 .github/workflows/terraform-docs.yaml | 8 ++++----
 .github/workflows/trunk-upgrade.yaml | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/pr-check.yaml b/.github/workflows/pr-check.yaml
index b7fecf14..c36d6597 100644
--- a/.github/workflows/pr-check.yaml
+++ b/.github/workflows/pr-check.yaml
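Review bot: The new `workflow_call: {}` trigger under `on:` carries no comment telling callers what they must supply, and the workflow-level `permissions: {}` visible in the next hunk grants nothing by default. A called workflow runs with the caller's event context and can receive at most the token permissions the calling job grants, so a caller on a non-pull-request event, or one with narrower permissions than the jobs below request, would presumably fail. I would add a comment above the trigger, for example `# Reusable: call from a pull request workflow and grant the calling job the permissions requested by the jobs below`. The jobs themselves are outside this hunk, so the exact permissions to name in that comment need checking against them.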
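Review bot: `github.head_ref` in the new `group:` value is empty on any run that is not a pull request event, so a caller that reaches this workflow through `workflow_call` from such an event puts every run in the group `dep-review-<workflow>-`, and `cancel-in-progress: true` then cancels the earlier run. A fallback keeps those runs apart: `group: dep-review-${{ github.workflow }}-${{ github.head_ref || github.run_id }}`. Branch names are also not unique across forks under `pull_request_target`, so keying on `github.event.pull_request.number` would be more robust than the branch name. The `dep-review-` prefix matters because `github.workflow` resolves to the caller's workflow name inside a called workflow; a one-line comment saying so would stop it being removed later.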
@@ -15,8 +15,8 @@ jobs:
 uses: 3ware/workflows/.github/workflows/pr-title.yaml@0bd5c5d052b31311b5f841f71f113260df047181 # 4.13.0
 enforce-all-checks:
- name: Checks
 needs: [validate-pr-title]
+ name: Checks
 permissions:
 checks: read
 uses: 3ware/workflows/.github/workflows/wait-for-checks.yaml@61d14ca4e861fc9c11acacc7d80a10a78775a4e3 # 4.11.0
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 1c595830..dfaa563d 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -14,12 +14,12 @@ jobs:
 secrets: inherit
 semantic-release:
+ needs: [get-temp-token]
 runs-on: ubuntu-latest
 timeout-minutes: 30
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}
 cancel-in-progress: true
- needs: [get-temp-token]
 steps:
 - name: Decrypt the installation access token
 id: decrypt-token
diff --git a/.github/workflows/terraform-docs.yaml b/.github/workflows/terraform-docs.yaml
index 4fbc3b30..f708f4c2 100644
--- a/.github/workflows/terraform-docs.yaml
+++ b/.github/workflows/terraform-docs.yaml
@@ -16,15 +16,15 @@ jobs:
 secrets: inherit
 terraform-docs:
+ needs: [get-temp-token]
+ env:
+ TF_DOCS_FILE: README.md
+ BRANCH: ${{ github.base_ref }}
 runs-on: ubuntu-latest
 timeout-minutes: 5
 concurrency:
 group: ${{ github.workflow }}-${{ github.head_ref }}
 cancel-in-progress: true
- needs: [get-temp-token]
- env:
- TF_DOCS_FILE: README.md
- BRANCH: ${{ github.base_ref }}
 steps:
 - name: Decrypt the installation access token
 id: decrypt-token
diff --git a/.github/workflows/trunk-upgrade.yaml b/.github/workflows/trunk-upgrade.yaml
index c8ae693e..66d33a86 100644
--- a/.github/workflows/trunk-upgrade.yaml
+++ b/.github/workflows/trunk-upgrade.yaml
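Review bot: After the reorder the `semantic-release` job in release.yaml reads `needs`, `runs-on`, `timeout-minutes`, `concurrency`, `steps`, with no job-level `permissions:` block, and the same holds for `terraform-docs` in the terraform-docs.yaml hunk. `enforce-all-checks` and `trunk-upgrade` do declare one. Both jobs handle a decrypted installation access token, so unless the workflow-level permissions (outside these hunks) are already minimal, an explicit block such as `permissions: {}` or `contents: read` before `runs-on`, where `trunk-upgrade` puts it, would make the GITHUB_TOKEN scope visible at the job. The steps of both jobs continue outside the hunks.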
@@ -18,11 +18,11 @@ jobs:
 trunk-upgrade:
 needs: [get-temp-token]
 name: Upgrade Trunk
- runs-on: ubuntu-latest
- timeout-minutes: 30
 permissions:
 contents: write # For trunk to create PRs
 pull-requests: write # For trunk to create PRs
+ runs-on: ubuntu-latest
+ timeout-minutes: 30
 steps:
 - name: Checkout
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2