Pinned djangorestframework-simplejwt version to meet security requirement #3833
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Pull Request Checks | |
on: | |
pull_request: | |
branches: | |
- main | |
- prod | |
paths: | |
- '**' | |
- '!docs/**' | |
- 'docs/bpmn-workflow-models/**' | |
- '!.github/ISSUE_TEMPLATE/**' | |
workflow_dispatch: null | |
jobs: | |
check-for-changes: | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: read | |
outputs: | |
requirements: ${{ steps.filter.outputs.requirements }} | |
dev-requirements: ${{ steps.filter.outputs.devrequirements }} | |
docker: ${{ steps.filter.outputs.docker }} | |
package: ${{ steps.filter.outputs.package }} | |
staticfiles: ${{ steps.filter.outputs.staticfiles }} | |
steps: | |
- uses: dorny/paths-filter@v3 | |
id: filter | |
with: | |
filters: | | |
requirements: | |
- './backend/requirements.txt' | |
devrequirements: | |
- './backend/dev-requirements.txt' | |
docker: | |
- './backend/Dockerfile' | |
package: | |
- './backend/package.json' | |
staticfiles: | |
- './backend/static/**' | |
# Tests and Linting invoked on a Pull Request | |
testing-from-build: | |
needs: [check-for-changes] | |
if: ${{ needs.check-for-changes.outputs.requirements == 'true' || needs.check-for-changes.outputs.dev-requirements == 'true' || needs.check-for-changes.outputs.docker == 'true' || needs.check-for-changes.outputs.package == 'true' || needs.check-for-changes.outputs.staticfiles == 'true' }} | |
uses: ./.github/workflows/testing-from-build.yml | |
secrets: inherit | |
testing-from-ghcr: | |
needs: [check-for-changes] | |
if: ${{ needs.check-for-changes.outputs.requirements != 'true' && needs.check-for-changes.outputs.dev-requirements != 'true' && needs.check-for-changes.outputs.docker != 'true' && needs.check-for-changes.outputs.package != 'true' && needs.check-for-changes.outputs.staticfiles != 'true' }} | |
uses: ./.github/workflows/testing-from-ghcr.yml | |
secrets: inherit | |
linting: | |
uses: ./.github/workflows/linting.yml | |
secrets: inherit | |
# Update BPMN Diagrams | |
# We are removing this as we are not editing, and we do not wish for it to run with lib updates. | |
# Uncomment if changes to models are necessary | |
# sync-BPMN: | |
# uses: ./.github/workflows/add-bpmn-renders.yml | |
# secrets: inherit | |
# Generate Terraform Plans | |
terraform-plan: | |
if: ${{ github.base_ref == 'main' }} | |
uses: ./.github/workflows/terraform-plan-env.yml | |
with: | |
environment: "dev" | |
secrets: inherit | |
terraform-plan-meta: | |
if: ${{ github.base_ref == 'main' }} | |
uses: ./.github/workflows/terraform-plan-env.yml | |
with: | |
environment: "meta" | |
secrets: inherit | |
terraform-plan-staging: | |
if: ${{ github.base_ref == 'prod' }} | |
uses: ./.github/workflows/terraform-plan-env.yml | |
with: | |
environment: "staging" | |
secrets: inherit | |
# uses tags "v1.*" | |
terraform-plan-prod: | |
if: ${{ github.base_ref == 'prod' }} | |
uses: ./.github/workflows/terraform-plan-env.yml | |
with: | |
environment: "production" | |
secrets: inherit | |
repo-event: | |
if: ${{ github.base_ref == 'prod' && always() }} | |
name: Set Repository Event | |
permissions: | |
contents: write | |
runs-on: ubuntu-latest | |
needs: [terraform-plan-staging, testing-from-ghcr, testing-from-build] | |
steps: | |
- name: Repository Dispatch | |
uses: peter-evans/repository-dispatch@v3 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
event-type: ready-to-merge | |
client-payload: '{"github": ${{ toJson(github) }}}' | |
if: github.event_name == 'pull_request' |