-
Notifications
You must be signed in to change notification settings - Fork 0
36 lines (31 loc) · 1.36 KB
/
pullrequest-workflow.yml
File metadata and controls
36 lines (31 loc) · 1.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# SPDX-FileCopyrightText: 2025 Digg - Agency for Digital Government
#
# SPDX-License-Identifier: CC0-1.0
---
name: Pull Request Workflow
on:
pull_request:
permissions:
contents: read # Best Security practice. Jobs only get read as base, and then permissions are added as needed
jobs:
pr-checks:
uses: diggsweden/reusable-ci/.github/workflows/pullrequest-orchestrator.yml@feat/branch-2.1
secrets: inherit # Pass org-level secrets (for private dependencies if any)
permissions:
contents: read # Clone repository and read source code
packages: read # Access GitHub Packages for Maven dependencies
security-events: write # Upload SpotBugs/dependency check results to Security tab
with:
project-type: maven
workflows-ref: feat/branch-2.1 # Use feature branch with enhanced linting
linters.megalint: false # Deprecated - replaced by just+mise
linters.justmiselint: true # Use just+mise for all linting
linters.commitlint: false # Deprecated - handled by just+mise
linters.licenselint: false # Deprecated - handled by just+mise
test:
needs: [pr-checks]
if: always() # Run tests even if linting fails (get complete feedback)
permissions:
contents: read # Access test resources and source code
packages: read # Fetch test dependencies from GitHub Packages
uses: ./.github/workflows/test.yml