ci: permissions, branch/tag filter, and fmt lint

Add clang-format to the checks. Set permissions for the workflow to have no permission. Fire only on version tags and main branch for push.
google · Nov 24, 2021 · 4501da6 · 4501da6
1 parent f8e7a6a
commit 4501da6
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,11 +1,34 @@
 name: CI
+
 on:
+  # Filter on branch so this isn't double-run on a PR's push
   push:
+    tags:
+      - v*
+      - version*
+    branches:
+      - main
   pull_request:
+
+permissions:
+  # none-all, which doesn't exist, but
+  # https://docs.github.com/en/actions/reference/authentication-in-a-workflow#using-the-github_token-in-a-workflow
+  # implies that the token still gets created.  Elsewhere we learn that any
+  # permission not mentioned here gets turned to `none`.
+  actions: none
+
 jobs:
   test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
       - name: test
         run: make test
+
+  fmt-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: jidicula/clang-format-action@v4.3.1
+        with:
+          fallback-style: "Google"