Skip to content

fix: include files in campaign application #1007

fix: include files in campaign application

fix: include files in campaign application #1007

Workflow file for this run

name: Check PR (forks)
on:
workflow_dispatch:
pull_request_target:
types: [opened, synchronize, reopened, labeled]
permissions:
contents: read
jobs:
check-label:
name: Check label
runs-on: ubuntu-latest
# If this is not a fork do not start this step
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.head.repo.fork }}
permissions:
pull-requests: write
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Check whether tests are enabled for this PR
run: |
echo "IS_FORK=${{ github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.head.repo.fork }}" >> $GITHUB_ENV
echo "HAS_LABEL=${{ contains(github.event.pull_request.labels.*.name, 'run tests') }}" >> $GITHUB_ENV
- name: Remove 'run tests' label
# If the PR is created by dependabot or is a fork and has the 'run tests' label, remove it
if: ${{ env.IS_FORK == 'true' && env.HAS_LABEL == 'true' }}
run: |
gh pr edit ${{ github.event.pull_request.number }} --remove-label "run tests"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Fail workflow
if: ${{ env.IS_FORK == 'true' && env.HAS_LABEL == 'false' }}
run: |
echo "Not all tests have run for this PR. Please add the `run tests` label to trigger them."
exit 1
- name: Update PR comment
uses: mshick/add-pr-comment@v2
if: always()
with:
message: |
✅ Tests will run for this PR. Once they succeed it can be merged.
message-failure: |
❌ Not all tests have run for this PR. Please add the `run tests` label to trigger them.
security-checks:
name: Security tests
needs: [check-label]
uses: ./.github/workflows/security-checks.yml
secrets:
MONDOO_SECRET: ${{ secrets.MONDOO_SECRET }}