feat(gha): do not run pipelines in draft #67
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Verify" | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| - edited | |
| - ready_for_review | |
| branches: | |
| - main | |
| workflow_call: | |
| inputs: | |
| GH_APP_ID: | |
| type: string | |
| GH_APP_INSTALLATION_ID: | |
| type: string | |
| TF_INPUT: | |
| type: string | |
| TF_IN_AUTOMATION: | |
| type: string | |
| runs-on: | |
| type: string | |
| required: false | |
| concurrency: | |
| # Here we use the repository name to avoid conflicts with other repositories | |
| # Target repositories should use only `${{ github.workflow_ref }}_${{ github.ref }}` | |
| group: ${{ github.workflow_ref }}_${{ github.ref }}_${{ github.repository }} | |
| cancel-in-progress: true | |
| env: | |
| # GH | |
| GITHUB_APP_ID: ${{ (vars.GH_APP_ID || inputs.GH_APP_ID) || false }} | |
| GITHUB_APP_INSTALLATION_ID: ${{ (vars.GH_APP_INSTALLATION_ID || inputs.GH_APP_INSTALLATION_ID) || false }} | |
| GITHUB_APP_PEM_FILE: ${{ secrets.GH_APP_PEM_FILE || false }} | |
| # TF | |
| TF_INPUT: ${{ (vars.TF_INPUT || inputs.TF_INPUT) || false }} | |
| TF_IN_AUTOMATION: ${{ (vars.TF_IN_AUTOMATION || inputs.TF_IN_AUTOMATION) || false }} | |
| TF_TOKEN_app_terraform_io: ${{ secrets.TF_TOKEN_APP_TERRAFORM_IO || false }} | |
| TFE_TOKEN: ${{ secrets.TFE_TOKEN || false }} | |
| # Trivy | |
| ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2 | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| secrets: | |
| name: "Secrets" | |
| runs-on: ${{ inputs.runs-on || 'ubuntu-latest' }} | |
| if: github.event.pull_request.draft == false | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: ./.github/actions/prerequisites | |
| if: github.repository == 'Inetum-Poland/.github' | |
| - uses: Inetum-Poland/.github/.github/actions/prerequisites@main | |
| if: github.repository != 'Inetum-Poland/.github' | |
| - uses: ./.github/actions/trufflehog | |
| if: github.repository == 'Inetum-Poland/.github' | |
| - uses: Inetum-Poland/.github/.github/actions/trufflehog@main | |
| if: github.repository != 'Inetum-Poland/.github' | |
| vulnerabilites: | |
| name: "Vulnerabilites" | |
| runs-on: ${{ inputs.runs-on || 'ubuntu-latest' }} | |
| if: github.event.pull_request.draft == false | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/actions/prerequisites | |
| if: github.repository == 'Inetum-Poland/.github' | |
| - uses: Inetum-Poland/.github/.github/actions/prerequisites@main | |
| if: github.repository != 'Inetum-Poland/.github' | |
| - uses: ./.github/actions/trivy | |
| if: github.repository == 'Inetum-Poland/.github' | |
| - uses: Inetum-Poland/.github/.github/actions/trivy@main | |
| if: github.repository != 'Inetum-Poland/.github' | |
| pre_commit: | |
| name: "Pre-Commit" | |
| runs-on: ${{ inputs.runs-on || 'ubuntu-latest' }} | |
| if: github.event.pull_request.draft == false | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/actions/prerequisites | |
| if: github.repository == 'Inetum-Poland/.github' | |
| - uses: Inetum-Poland/.github/.github/actions/prerequisites@main | |
| if: github.repository != 'Inetum-Poland/.github' | |
| - uses: ./.github/actions/mise | |
| if: github.repository == 'Inetum-Poland/.github' | |
| - uses: Inetum-Poland/.github/.github/actions/mise@main | |
| if: github.repository != 'Inetum-Poland/.github' | |
| - uses: ./.github/actions/pre_commit | |
| if: github.repository == 'Inetum-Poland/.github' | |
| - uses: Inetum-Poland/.github/.github/actions/pre_commit@main | |
| if: github.repository != 'Inetum-Poland/.github' |