diff --git a/.github/workflows/repo_cron_snyk.yml b/.github/workflows/cron_snyk.yml
similarity index 100%
rename from .github/workflows/repo_cron_snyk.yml
rename to .github/workflows/cron_snyk.yml
diff --git a/.github/workflows/repo_pr_await_changes.yml b/.github/workflows/pr_await_changes.yml
similarity index 65%
rename from .github/workflows/repo_pr_await_changes.yml
rename to .github/workflows/pr_await_changes.yml
index 37408b9..4c650b2 100644
--- a/.github/workflows/repo_pr_await_changes.yml
+++ b/.github/workflows/pr_await_changes.yml
@@ -4,7 +4,7 @@ name: "Pull Request Changes"
 on:
 pull_request:
- types: [opened, synchronize, reopened]
+ types: [opened, synchronize, reopened, closed]
 permissions: {}
@@ -14,4 +14,4 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - run: echo "Changes detected."
+ - run: echo "Child workflows triggered."
diff --git a/.github/workflows/php_composer.yml b/.github/workflows/pr_composer.yml
similarity index 100%
rename from .github/workflows/php_composer.yml
rename to .github/workflows/pr_composer.yml
diff --git a/.github/workflows/php_pest.yml b/.github/workflows/pr_pest.yml
similarity index 100%
rename from .github/workflows/php_pest.yml
rename to .github/workflows/pr_pest.yml
diff --git a/.github/workflows/php_phpcsf.yml b/.github/workflows/pr_phpcsf.yml
similarity index 100%
rename from .github/workflows/php_phpcsf.yml
rename to .github/workflows/pr_phpcsf.yml
diff --git a/.github/workflows/php_phpstan.yml b/.github/workflows/pr_phpstan.yml
similarity index 100%
rename from .github/workflows/php_phpstan.yml
rename to .github/workflows/pr_phpstan.yml
diff --git a/.github/workflows/php_psalm.yml b/.github/workflows/pr_psalm.yml
similarity index 100%
rename from .github/workflows/php_psalm.yml
rename to .github/workflows/pr_psalm.yml
diff --git a/.github/workflows/php_rector.yml b/.github/workflows/pr_rector.yml
similarity index 100%
rename from .github/workflows/php_rector.yml
rename to .github/workflows/pr_rector.yml
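Review bot: The `closed` type added to `on.pull_request.types` in pr_await_changes.yml has no stated reason, and it widens what every downstream workflow does: pr_snyk.yml in this same commit subscribes to this workflow through `workflow_run`, so it will now also start each time a pull request is closed or merged. If one child really needs the close event, record that above the line, for example `# "closed" is listed so that <child workflow> can react when a PR is closed or merged`. The rest of the `on:` block and the job lie outside this hunk, so any filter already present there is not visible.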
diff --git a/.github/workflows/sec_snyk.yml b/.github/workflows/pr_snyk.yml
similarity index 54%
rename from .github/workflows/sec_snyk.yml
rename to .github/workflows/pr_snyk.yml
index 033e2bd..1126141 100644
--- a/.github/workflows/sec_snyk.yml
+++ b/.github/workflows/pr_snyk.yml
@@ -1,14 +1,8 @@
 name: "Snyk"
-# This workflow will run after a pull request has been approved, and is
-# triggered as a result of the "Pull Request Approval" workflow succeeding.
-# By being executed in this manner, the workflow will have access to the
-# environment variables of the origin repository, allowing builds to
-# successfully run for forked pull requests without exposing secrets.
-
 on:
 workflow_run:
- workflows: ["Pull Request Approval"]
+ workflows: ["Pull Request Changes"]
 types:
 - completed
@@ -23,8 +17,6 @@ jobs:
 name: "Scan"
 runs-on: ubuntu-latest
- if: github.event.workflow_run.conclusion == 'success' && contains(github.event.issue.labels.*.name, 'Approved')
-
 steps:
 - uses: shivammathur/setup-php@v2
 with:
@@ -35,6 +27,9 @@ jobs:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+ github-token: ${{ secrets.GITHUB_TOKEN }}
 - run: composer install --no-progress
diff --git a/.github/workflows/repo_pr_await_approval.yml b/.github/workflows/repo_pr_await_approval.yml
deleted file mode 100644
index fed0fd1..0000000
--- a/.github/workflows/repo_pr_await_approval.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: "Pull Request Approval"
-
-# Monitor for pull requests being approved.
-
-on:
- pull_request:
- types: [synchronize]
- pull_request_review:
- types: [submitted]
-
-permissions: {}
-
-jobs:
- wait:
- name: "Waiting"
- runs-on: ubuntu-latest
-
- if: github.actor == 'dependabot[bot]' || github.event.review.state == 'approved'
- steps:
- - run: echo "PR approved."
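Review bot: The header comment of pr_snyk.yml is deleted in the first hunk while the workflow still triggers on `workflow_run`, so the file no longer tells a maintainer that it runs in the base repository's context with access to its secrets, also for pull requests from forks. Rewrite the comment for the new trigger instead of dropping it, for example `# Runs via workflow_run after "Pull Request Changes": executes with this repository's secrets, so code coming from the pull request must be treated as untrusted.`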
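Review bot: Removing the job-level `if:` in the second hunk of pr_snyk.yml leaves the Scan job with no condition at all, so it starts on every completion of "Pull Request Changes", including failed or cancelled runs and pull requests nobody has reviewed. The approval workflows that used to sit in front of it are deleted in this same commit, so nothing replaces that check. At minimum keep `if: github.event.workflow_run.conclusion == 'success'`; if scans of fork pull requests should still wait for a maintainer, a deployment environment with required reviewers on this job is one way to restore the gate. The rest of the job lies outside the hunk.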
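Review bot: The `with:` block added to `actions/checkout@v3` in the third hunk of pr_snyk.yml does not do what it appears to: a `workflow_run` payload carries no `pull_request` object, so `github.event.pull_request.head.sha` evaluates to an empty string and checkout falls back to its default ref, and `github-token` is not an input of `actions/checkout` (the input is named `token`). The commit that triggered the run is exposed as `github.event.workflow_run.head_sha`. Once the ref does point at pull-request code, the following `composer install` runs Composer scripts and plugins chosen by the PR author inside a job that holds repository secrets, so set `persist-credentials: false` on the checkout and use `composer install --no-progress --no-scripts --no-plugins`, or keep an approval gate in front of the job. Which secrets are in scope is inferred from the `GITHUB_TOKEN` line shown, since the surrounding steps and the `permissions:` block are outside the hunk.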
diff --git a/.github/workflows/repo_pr_label_approval.yml b/.github/workflows/repo_pr_label_approval.yml
deleted file mode 100644
index b8672ea..0000000
--- a/.github/workflows/repo_pr_label_approval.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-name: "Pull Request Labels (Apply Approval)"
-
-# This workflow will run after a pull request has been approved, and is
-# triggered as a result of the "Pull Request Changes" workflow succeeding.
-# By being executed in this manner, the workflow will have access to the
-# environment variables of the origin repository, allowing builds to
-# successfully run for forked pull requests without exposing secrets.
-
-on:
- workflow_run:
- workflows: ["Pull Request Approval"]
- types:
- - completed
-
-permissions:
- # We are modifying labels, and need write access to do so.
- pull-requests: write
-
-jobs:
- wait:
- name: "Applying"
- runs-on: ubuntu-latest
-
- steps:
- - uses: actions/checkout@v2
-
- - uses: actions-ecosystem/action-add-labels@v1
- with:
- labels: Approved
diff --git a/.github/workflows/repo_pr_label_approval_revoke.yml b/.github/workflows/repo_pr_label_approval_revoke.yml
deleted file mode 100644
index 0caca73..0000000
--- a/.github/workflows/repo_pr_label_approval_revoke.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-name: "Pull Request Labels (Revoke Approval)"
-
-# This workflow will run after a pull request has been approved, and is
-# triggered as a result of the "Pull Request Changes" workflow succeeding.
-# By being executed in this manner, the workflow will have access to the
-# environment variables of the origin repository, allowing builds to
-# successfully run for forked pull requests without exposing secrets.
-
-on:
- workflow_run:
- workflows: ["Pull Request Changes"]
- types:
- - completed
-
-permissions:
- # We are modifying labels, and need write access to do so.
- pull-requests: write
-
-jobs:
- wait:
- name: "Revoking"
- runs-on: ubuntu-latest
-
- if: contains(github.event.issue.labels.*.name, 'Approved')
-
- steps:
- - uses: actions/checkout@v2
-
- - uses: actions-ecosystem/action-remove-labels@v1
- with:
- labels: Approved