From c189c2020e6e46b71a2a1f7fa37257dc17ae9900 Mon Sep 17 00:00:00 2001 From: Michal Baumgartner Date: Thu, 30 Oct 2025 20:26:21 +0100 Subject: [PATCH 1/3] chore: Skip CD pipelines on Dependabot's PRs --- .github/workflows/cd.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index eb84ee9..b2c2a7b 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -30,8 +30,8 @@ jobs: build-and-push-artifacts: name: Build and push artifacts for Python ${{ matrix.python_version }} runs-on: ubicloud-standard-2 - # Only run for base repo, not forks - if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request' + # Only run for base repo, not forks or dependabot + if: (github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request') && github.actor != 'dependabot[bot]' strategy: fail-fast: false matrix: @@ -122,8 +122,8 @@ jobs: name: All artifacts pushed runs-on: ubicloud-standard-2 needs: build-and-push-artifacts - # Only run if the build job ran (i.e., not for forks) - if: always() && (github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request') + # Only run if the build job ran (i.e., not for forks or dependabot) + if: always() && (github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request') && github.actor != 'dependabot[bot]' steps: - name: Check matrix job results env: @@ -144,8 +144,8 @@ jobs: publish-python-package: name: Publish Python package runs-on: ubicloud-standard-2 - # Only run for base repo, not forks - if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request' + # Only run for base repo, not forks or dependabot + if: (github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request') && github.actor != 'dependabot[bot]' outputs: version: ${{ steps.build.outputs.version }} permissions: @@ -284,8 +284,8 @@ jobs: name: Publish to PyPI runs-on: ubicloud-standard-2 needs: publish-python-package - # Only run for base repo when a new tag is created - if: (github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request') && startsWith(github.ref, 'refs/tags/') + # Only run for base repo when a new tag is created, not for dependabot + if: (github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request') && startsWith(github.ref, 'refs/tags/') && github.actor != 'dependabot[bot]' permissions: contents: read id-token: write @@ -308,8 +308,8 @@ jobs: name: Deploy review app runs-on: ubicloud-standard-2 needs: build-and-push-artifacts-status - # Only run for base repo PRs, not forks - if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository + # Only run for base repo PRs, not forks or dependabot + if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' steps: - name: Checkout code uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 @@ -353,8 +353,8 @@ jobs: name: Jupyter for local runs-on: ubicloud-standard-2 needs: build-and-push-artifacts-status - # Only run for base repo, not forks - if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request' + # Only run for base repo, not forks or dependabot + if: (github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request') && github.actor != 'dependabot[bot]' permissions: id-token: write contents: read From 0ffc555c2d38121c462c5f1d54ec1f17d4db14b4 Mon Sep 17 00:00:00 2001 From: Michal Baumgartner Date: Thu, 30 Oct 2025 20:26:44 +0100 Subject: [PATCH 2/3] fix: Skip Gitleaks check on forks as they don't have the license key --- .github/workflows/ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 81cb7a0..f73801a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -217,6 +217,8 @@ jobs: gitleaks: name: Gitleaks check runs-on: ubicloud-standard-2 + # Only run for base repo, not forks + if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request' steps: - name: Checkout code uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 From bbc5bd325ba53a3d9bcfe2844da0271a258b9283 Mon Sep 17 00:00:00 2001 From: Michal Baumgartner Date: Thu, 30 Oct 2025 20:42:10 +0100 Subject: [PATCH 3/3] fix: forgotten conflict in CI --- .github/workflows/ci.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 59dcd75..56872e0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -216,13 +216,9 @@ jobs: gitleaks: name: Gitleaks check -<<<<<<< HEAD - runs-on: ubicloud-standard-2 + runs-on: ubuntu-latest # Only run for base repo, not forks if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request' -======= - runs-on: ubuntu-latest ->>>>>>> main steps: - name: Checkout code uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4