diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 799a600..6331368 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,11 +18,6 @@ on: merge_group: types: [checks_requested] -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SCORE_QNX_USER: ${{ secrets.SCORE_QNX_USER }} - SCORE_QNX_PASSWORD: ${{ secrets.SCORE_QNX_PASSWORD }} - SCORE_QNX_LICENSE: ${{ secrets.SCORE_QNX_LICENSE }} jobs: build: name: Build Bazel Code @@ -31,12 +26,6 @@ jobs: - name: Checkout code uses: actions/checkout@v4.2.2 - - name: Install protoc 26.1 - uses: arduino/setup-protoc@v3 - with: - version: 26.1 - repo-token: ${{ secrets.GITHUB_TOKEN }} - - name: Setup Bazel uses: bazel-contrib/setup-bazel@0.15.0 with: diff --git a/.github/workflows/cargo_required.yml b/.github/workflows/cargo_required.yml index 1f8dda9..12bdc86 100644 --- a/.github/workflows/cargo_required.yml +++ b/.github/workflows/cargo_required.yml @@ -15,7 +15,7 @@ name: cargo build, test, coverage and miri report on: push: branches: [main, development] - pull_request: + pull_request_target: branches: [main, development] types: [opened, ready_for_review, reopened, synchronize] @@ -34,7 +34,10 @@ jobs: timeout-minutes: 45 # minutes is the maximum allowed for a cold run steps: - name: Checkout Repository - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 + with: + ref: ${{ github.head_ref || github.event.pull_request.head.ref || github.ref }} + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - name: Setup Rust Build Environment uses: ./.github/actions/setup-rust-build diff --git a/.github/workflows/component_integration_tests.yml b/.github/workflows/component_integration_tests.yml index 7b4d244..78998db 100644 --- a/.github/workflows/component_integration_tests.yml +++ b/.github/workflows/component_integration_tests.yml @@ -15,7 +15,7 @@ name: Component Integration Tests on: push: branches: [main, development] - pull_request: + pull_request_target: branches: [main, development] types: [opened, ready_for_review, reopened, synchronize] schedule: @@ -36,6 +36,9 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + ref: ${{ github.head_ref || github.event.pull_request.head.ref || github.ref }} + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - name: Setup Rust Build Environment uses: ./.github/actions/setup-rust-build diff --git a/.github/workflows/component_integration_tests_bazel.yml b/.github/workflows/component_integration_tests_bazel.yml index c1b327b..967f89e 100644 --- a/.github/workflows/component_integration_tests_bazel.yml +++ b/.github/workflows/component_integration_tests_bazel.yml @@ -23,7 +23,6 @@ on: env: CARGO_TERM_COLOR: always - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: build: @@ -33,12 +32,6 @@ jobs: - name: Checkout code uses: actions/checkout@v4.2.2 - - name: Install protoc 26.1 - uses: arduino/setup-protoc@v3 - with: - version: 26.1 - repo-token: ${{ secrets.GITHUB_TOKEN }} - - name: Setup Bazel uses: bazel-contrib/setup-bazel@0.15.0 with: diff --git a/.github/workflows/copyright.yml b/.github/workflows/copyright.yml index ddfb5f2..464a342 100644 --- a/.github/workflows/copyright.yml +++ b/.github/workflows/copyright.yml @@ -17,8 +17,6 @@ on: types: [opened, reopened, synchronize] merge_group: types: [checks_requested] -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: copyright-check: diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml index ec4f8c7..620d697 100644 --- a/.github/workflows/format.yml +++ b/.github/workflows/format.yml @@ -18,8 +18,7 @@ on: types: [opened, reopened, synchronize] merge_group: types: [checks_requested] -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + jobs: formatting-check: uses: eclipse-score/cicd-workflows/.github/workflows/format.yml@main diff --git a/.github/workflows/license_check.yml b/.github/workflows/license_check.yml index 0d79a32..f5ea3d4 100644 --- a/.github/workflows/license_check.yml +++ b/.github/workflows/license_check.yml @@ -17,8 +17,7 @@ on: types: [opened, reopened, synchronize] merge_group: types: [checks_requested] -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + permissions: pull-requests: write issues: write diff --git a/.github/workflows/lint_fmt_clippy.yml b/.github/workflows/lint_fmt_clippy.yml index b6cea8b..d5fc47e 100644 --- a/.github/workflows/lint_fmt_clippy.yml +++ b/.github/workflows/lint_fmt_clippy.yml @@ -13,7 +13,7 @@ name: rustfmt and clippy check on: - pull_request: + pull_request_target: branches: [main, development] types: [opened, ready_for_review, reopened, synchronize] @@ -27,6 +27,8 @@ jobs: - uses: actions/checkout@v3 with: fetch-depth: 0 + ref: ${{ github.head_ref || github.event.pull_request.head.ref || github.ref }} + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - name: Install protoc 26.1 uses: arduino/setup-protoc@v3 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index e7e3c7d..85a06bf 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -13,7 +13,7 @@ name: Bazel Tests on: - pull_request: + pull_request_target: types: [opened, reopened, synchronize] merge_group: types: [checks_requested] @@ -26,6 +26,9 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4.2.2 + with: + ref: ${{ github.head_ref || github.event.pull_request.head.ref || github.ref }} + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - name: Install protoc 26.1 uses: arduino/setup-protoc@v3