rest-api-profil-lint-processor/.github/workflows/pullrequest-workflow.yml at main · diggsweden/rest-api-profil-lint-processor · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# SPDX-FileCopyrightText: 2025 Digg - Agency for Digital Government
#
# SPDX-License-Identifier: CC0-1.0
name: Pull Request Workflow
on:
  pull_request:
    branches:
      - main
      - develop
      - 'release/**'
      - 'feature/**'
permissions:
  contents: read # Best Security practice. Jobs only get read as base, and then permissions are added as needed
jobs:
  pr-checks:
    uses: diggsweden/reusable-ci/.github/workflows/pullrequest-orchestrator.yml@e1e1387d5b0399bb5edb00e40485746772344176 # v2.6.0
    secrets: inherit # Pass org-level secrets (NPM token if private packages)
    permissions:
      contents: read # Clone repository and read source code
      packages: read # Access private NPM packages from GitHub registry
      security-events: write # Upload ESLint/security findings to GitHub Security tab
    with:
      project-type: npm
      # Use devbase-check linting (replaces megalint, commitlint, licenselint)
      linters.devbasecheck: true
      linters.megalint: false
      linters.commitlint: false
      linters.licenselint: false
      linters.publiccodelint: true
  test:
    needs: [pr-checks]
    if: always() # Run tests even if linting fails (get full CI feedback)
    permissions:
      contents: read # Read test files and source code
      packages: read # Fetch test dependencies from registry
    uses: ./.github/workflows/test.yml