Merge branch 'main' into dependabot/pip/test-runner/test-runner-0abaf62d7c

Author: Tyler Titsworth

.github/workflows/chart-ci.yaml

@@ -14,12 +14,12 @@
 
 name: Helm Chart CI
 on:
+  merge_group: null
   pull_request_target:
     types: [opened, edited, reopened, synchronize]
     branches: [main]
     paths:
     - 'workflows/charts/**'
-  merge_group: null
 permissions: read-all
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -33,9 +33,15 @@ jobs:
       with:
         egress-policy: audit
     - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      if: ${{ github.event_name == 'pull_request_target' }}
       with:
         fetch-depth: 0
         ref: "refs/pull/${{ github.event.number }}/merge"
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      if: ${{ github.event_name == 'merge_group' }}
+      with:
+        fetch-depth: 0
+        ref: ${{ github.event.merge_group.head_ref }}
     - uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0
     - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
     - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0

.github/workflows/dockerhub-description.yml

@@ -27,7 +27,6 @@ jobs:
       uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
       with:
         egress-policy: audit
-
     - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
     - name: Set matrix data
       id: set-matrix
@@ -43,7 +42,6 @@ jobs:
       uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
       with:
         egress-policy: audit
-
     - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
     - uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0
       with:

.github/workflows/docs.yaml

@@ -15,6 +15,9 @@
 name: Docs
 on:
   merge_group: null
+  pull_request_target:
+    types: [opened, edited, reopened, synchronize]
+    branches: [main]
   push:
     branches:
     - main
@@ -35,6 +38,17 @@ jobs:
       with:
         egress-policy: audit
     - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      if: ${{ github.event_name == 'push' }}
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      if: ${{ github.event_name == 'pull_request_target' }}
+      with:
+        fetch-depth: 0
+        ref: "refs/pull/${{ github.event.number }}/merge"
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      if: ${{ github.event_name == 'merge_group' }}
+      with:
+        fetch-depth: 0
+        ref: ${{ github.event.merge_group.head_ref }}
     - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
       with:
         python-version: 3.8
@@ -46,5 +60,5 @@ jobs:
     - uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
       with:
         path: site
-    - if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
-      uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
+    - uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
+      if: ${{ github.event_name == 'push' }}

.github/workflows/gitleaks.yaml

@@ -14,7 +14,6 @@
 
 name: gitleaks
 on:
-  merge_group: null
   pull_request_target:
     types: [opened, edited, reopened, synchronize]
     branches: [main]

.github/workflows/integration-test.yaml

@@ -14,7 +14,6 @@
 
 name: Integration Tests
 on:
-  merge_group: null
   pull_request_target:
     types: [opened, edited, reopened, synchronize]
     branches: [main]
@@ -74,20 +73,3 @@ jobs:
       group_dir: ${{ matrix.group }}
       ref: "refs/pull/${{ github.event.number }}/merge"
     secrets: inherit
-  status-check:
-    needs: [group-diff, pipeline-ci]
-    runs-on: ubuntu-latest
-    if: always()
-    steps:
-    - name: Harden Runner
-      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
-      with:
-        egress-policy: audit
-    - run: exit 1
-      if: >-
-        ${{
-             contains(needs.*.result, 'failure')
-          || contains(needs.*.result, 'cancelled')
-          || contains(needs.*.result, 'skipped')
-          && needs.group-diff.outputs.groups != '[""]'
-        }}

.github/workflows/lint.yaml

@@ -19,6 +19,9 @@ on:
   pull_request_target:
     types: [opened, edited, reopened, synchronize]
     branches: [main]
+  push:
+    branches:
+    - main
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
@@ -32,9 +35,17 @@ jobs:
       with:
         egress-policy: audit
     - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      if: ${{ github.event_name == 'push' }}
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      if: ${{ github.event_name == 'pull_request_target' }}
       with:
         fetch-depth: 0
         ref: "refs/pull/${{ github.event.number }}/merge"
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      if: ${{ github.event_name == 'merge_group' }}
+      with:
+        fetch-depth: 0
+        ref: ${{ github.event.merge_group.head_ref }}
     - uses: super-linter/super-linter/slim@5b638caee6ba65e25e07143887b669a1233847a0 # v6.5.1
       env:
         # To report GitHub Actions status checks

.github/workflows/scorecard.yaml

@@ -18,12 +18,12 @@
 
 name: Scorecard supply-chain security
 on:
-  branch_protection_rule:
+  branch_protection_rule: null
   schedule:
   - cron: '0 6 * * 0'
   push:
     branches: ["main"]
-  workflow_dispatch:
+  workflow_dispatch: null
 permissions: read-all
 jobs:
   analysis:

.github/workflows/test-runner-ci.yaml

@@ -15,7 +15,9 @@
 name: Test Runner CI
 on:
   merge_group: null
-  pull_request:
+  pull_request_target:
+    types: [opened, edited, reopened, synchronize]
+    branches: [main]
     paths:
     - 'test-runner/**'
   push:
@@ -38,6 +40,17 @@ jobs:
       with:
         egress-policy: audit
     - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      if: ${{ github.event_name == 'push' }}
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      if: ${{ github.event_name == 'pull_request_target' }}
+      with:
+        fetch-depth: 0
+        ref: "refs/pull/${{ github.event.number }}/merge"
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      if: ${{ github.event_name == 'merge_group' }}
+      with:
+        fetch-depth: 0
+        ref: ${{ github.event.merge_group.head_ref }}
     - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
       with:
         driver: docker
@@ -71,8 +84,17 @@ jobs:
       with:
         egress-policy: audit
     - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      if: ${{ github.event_name == 'push' }}
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      if: ${{ github.event_name == 'pull_request_target' }}
       with:
+        fetch-depth: 0
         ref: "refs/pull/${{ github.event.number }}/merge"
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      if: ${{ github.event_name == 'merge_group' }}
+      with:
+        fetch-depth: 0
+        ref: ${{ github.event.merge_group.head_ref }}
     - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
       with:
         python-version: "3.10"
@@ -99,6 +121,17 @@ jobs:
       with:
         egress-policy: audit
     - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      if: ${{ github.event_name == 'push' }}
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      if: ${{ github.event_name == 'pull_request_target' }}
+      with:
+        fetch-depth: 0
+        ref: "refs/pull/${{ github.event.number }}/merge"
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      if: ${{ github.event_name == 'merge_group' }}
+      with:
+        fetch-depth: 0
+        ref: ${{ github.event.merge_group.head_ref }}
     - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
       with:
         driver: docker