wallet-provider/.github/workflows/pullrequest-workflow.yml at main · diggsweden/wallet-provider · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# SPDX-FileCopyrightText: 2025 diggsweden/wallet-provider
#
# SPDX-License-Identifier: CC0-1.0

name: Pull Request Workflow

on:
  pull_request:
    branches:
      - main
      - develop
      - "release/**"
      - "feature/**"

permissions:
  contents: read # Best Security practice. Jobs only get read as base, and then permissions are added as needed

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  pr-checks:
    uses: diggsweden/reusable-ci/.github/workflows/pullrequest-orchestrator.yml@659cc5dbdbedc47f1510817f38aba07de8a93ae8 # v2.6.1
    secrets: inherit # Pass org-level secrets (for private Maven dependencies)
    permissions:
      contents: read # Clone repository and read source code
      packages: read # Access GitHub Packages for Maven dependencies
      security-events: write # Upload SpotBugs/dependency check results to Security tab
    with:
      project-type: maven
      # Use devbase-check linting (replaces megalint, commitlint, licenselint)
      linters.devbasecheck: true
      linters.megalint: false
      linters.commitlint: false
      linters.licenselint: false
      linters.dependencyreview: false # Disabled: requires GitHub Advanced Security

  test:
    needs: [pr-checks]
    if: always() # Run tests even if linting fails (get complete feedback)
    permissions:
      contents: read # Access test resources and source code
      packages: read # Fetch test dependencies from GitHub Packages
    uses: ./.github/workflows/test.yml