Merge pull request #7425 from MartinForReal/shafan/github

Chores: trigger build only when needed
kubernetes-sigs · Oct 25, 2024 · a89cf7d · a89cf7d
2 parents 9cbbbe7 + c65bf17
commit a89cf7d
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 8 deletions.
diff --git a/.github/workflows/codespell.yaml b/.github/workflows/codespell.yaml
@@ -2,7 +2,12 @@
 # https://github.com/codespell-project/actions-codespell
 # https://github.com/codespell-project/codespell
 name: codespell
-on: [push, pull_request]
+on: 
+  push:
+    branches: [ master, 'release-**' ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master, 'release-**' ]
 permissions:
   contents: read
 

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -7,7 +7,9 @@
 #
 # Source repository: https://github.com/actions/dependency-review-action
 name: 'Dependency Review'
-on: [pull_request]
+on: 
+  pull_request:
+    branches: [ master, 'release-**' ]
 
 permissions:
   contents: read

diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -1,9 +1,12 @@
 name: Code Lint
 
-on:
-  workflow_dispatch:
+on: 
   push:
+    branches: [ master, 'release-**' ]
   pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master, 'release-**' ]
+  workflow_dispatch:
 
 permissions:
   contents: read

diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
@@ -23,7 +23,7 @@ on:
       - '!vendor/**'
       - 'health-probe-proxy/**'
   schedule:
-    - cron: '0 */24 * * *'
+    - cron: '0 1 * * *'
 permissions:
   contents: read
 jobs:
@@ -80,7 +80,6 @@ jobs:
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
-          skip-setup-trivy: true
         env:
           TRIVY_SKIP_DB_UPDATE: true
       - name: Upload Trivy scan results to GitHub Security tab
@@ -97,7 +96,6 @@ jobs:
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
-          skip-setup-trivy: true
         env:
           TRIVY_SKIP_DB_UPDATE: true
       - name: Upload Trivy scan results to GitHub Security tab
@@ -114,6 +112,5 @@ jobs:
           output: 'dependency-results.sbom.json'
           scan-ref: '.'
           github-pat: ${{ secrets.GITHUB_TOKEN }}
-          skip-setup-trivy: true
         env:
           TRIVY_SKIP_DB_UPDATE: true