From 32c742bfce1704d32d3d93febbcd6756cd94f624 Mon Sep 17 00:00:00 2001
From: seth
Date: Fri, 3 Nov 2023 15:26:26 +0000
Subject: [PATCH] ci: exclude some workflows from forks/branches & better scope permissions (#57)
---
.github/workflows/format.yml | 6 ++++--
.github/workflows/release.yml | 9 +++++----
.github/workflows/update-docs.yml | 11 +++++++----
3 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml
index 08874a1..0070532 100644
--- a/.github/workflows/format.yml
+++ b/.github/workflows/format.yml
@@ -1,12 +1,14 @@ name: Format on: - - push - - pull_request + push: + branches: [main] + pull_request: jobs: format-check: runs-on: ubuntu-latest + steps: - uses: actions/checkout@v2 - uses: cachix/install-nix-action@v20
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d44ca03..370f7e8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -4,13 +4,14 @@ on: push: branches: [main] -permissions: - contents: write - pull-requests: write - jobs: release-please: runs-on: ubuntu-latest + + permissions: + contents: write + pull-requests: write + steps: - uses: google-github-actions/release-please-action@v3 with:
diff --git a/.github/workflows/update-docs.yml b/.github/workflows/update-docs.yml
index df0e437..45a926b 100644
--- a/.github/workflows/update-docs.yml
+++ b/.github/workflows/update-docs.yml
@@ -5,20 +5,23 @@ on: paths: - "modules/home-manager/**" - "modules/nixos/**" - -permissions: - contents: write - + workflow_dispatch: jobs: update-docs: runs-on: ubuntu-latest + permissions: + contents: write + strategy: max-parallel: 1 matrix: package: ["nixos", "home-manager"] + # we only want this running on our repo, on the `main` branch + if: github.repository == 'Stonks3141/ctp-nix' && github.ref_name == 'main' + steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v22
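Review bot: In `.github/workflows/format.yml` the `format-check` job still has no `permissions:` key, so its GITHUB_TOKEN keeps whatever default the repository or organisation is configured with, while the other two workflows in this commit are scoped per job. The job also runs on `pull_request`, and from the visible steps it only needs to read the tree, so adding `permissions:` with `contents: read` under `runs-on: ubuntu-latest` would bring it in line with the rest of the change. The steps list continues past the end of the hunk, so confirm that nothing later in the job needs more than read access.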
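Review bot: In `.github/workflows/release.yml` the `release-please` job that now carries `contents: write` and `pull-requests: write` still references `google-github-actions/release-please-action@v3` by a movable tag, so whatever that tag points to at run time receives the write-scoped token. Pinning the step to a full commit SHA and keeping the tag as a comment, `- uses: google-github-actions/release-please-action@<full-commit-sha>  # v3`, would make the job-level scoping meaningful against an upstream tag move. The same applies to `actions/checkout@v4` and `cachix/install-nix-action@v22` in the write-scoped `update-docs` job in `.github/workflows/update-docs.yml`. The step's `with:` block continues outside the hunk.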
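Review bot: In `.github/workflows/update-docs.yml` the new guard tests `github.ref_name == 'main'`, which is the short ref name and does not distinguish a branch from a tag of the same name. The commit also adds `workflow_dispatch`, which can be started against a ref chosen by the caller, and the job holds `contents: write`, so the condition should name the branch ref exactly: `if: github.repository == 'Stonks3141/ctp-nix' && github.ref == 'refs/heads/main'`. The `on:` block starts above the hunk and the steps continue below it, so whether a `branches:` filter already narrows the push trigger cannot be seen from here.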