hash2curve-lib-java/.github/workflows/pullrequest-workflow.yml at 3278d384044e32e9f68edc03473298218fd3a919 · diggsweden/hash2curve-lib-java · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# SPDX-FileCopyrightText: 2025 Digg - Agency for Digital Government
#
# SPDX-License-Identifier: CC0-1.0

---
name: Pull Request Workflow

on:
  pull_request:

permissions:
  contents: read # Best Security practice. Jobs only get read as base, and then permissions are added as needed

jobs:
  pr-checks:
    uses: diggsweden/reusable-ci/.github/workflows/pullrequest-orchestrator.yml@659cc5dbdbedc47f1510817f38aba07de8a93ae8 # v2.6.1
    secrets: inherit # Pass org-level secrets (for private dependencies if any)
    permissions:
      contents: read # Clone repository and read source code
      packages: read # Access GitHub Packages for Maven dependencies
      security-events: write # Upload SpotBugs/dependency check results to Security tab
    with:
      project-type: maven
      linters.megalint: false # Deprecated - replaced by just+mise
      linters.devbasecheck: true # Use just+mise for all linting
      linters.commitlint: false # Deprecated - handled by just+mise
      linters.licenselint: false # Deprecated - handled by just+mise

  test:
    needs: [pr-checks]
    if: always() # Run tests even if linting fails (get complete feedback)
    permissions:
      contents: read # Access test resources and source code
      packages: read # Fetch test dependencies from GitHub Packages
    uses: ./.github/workflows/test.yml