Merge pull request #1216 from cdapio/fix-sec-vuln

Restrict running of github CI jobs without approval
cdapio · May 13, 2024 · e0fa180 · e0fa180
2 parents 9985eb3 + 22e7993
commit e0fa180
Showing 1 changed file with 5 additions and 8 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -15,11 +15,11 @@
 name: Build with Unit and Integration Tests
 
 on:
-  workflow_run:
-    workflows:
-      - Trigger build
-    types:
-      - completed
+  push:
+    branches: [ develop, release/** ]
+  pull_request:
+    branches: [ develop, release/** ]
+    types: [opened, synchronize, reopened]
   workflow_dispatch:
     inputs:
       branch:
@@ -36,11 +36,8 @@ jobs:
 
     steps:
     # Pinned 1.0.0 version
-    - uses: marocchino/action-workflow_run-status@54b6e87d6cb552fc5f36dbe9a722a6048725917a
-      if: github.event_name != 'workflow_dispatch'
     - uses: actions/checkout@v3
       with:
-        ref: ${{ github.event.workflow_run.head_sha }}
         submodules: recursive
 
     # installing node 16.16