ci: exclude some workflows from forks/branches & better scope permissions (#57)

2023-11-03 15:26:26 +00:00 · 2023-11-03 15:26:26 +00:00 · 32c742bfce
commit 32c742bfce
parent 96e861b5ab
3 changed files with 16 additions and 10 deletions
--- a/.github/workflows/format.yml
+++ b/.github/workflows/format.yml
@ -1,12 +1,14 @@
 name: Format
 on:
-  - push
+  push:
-  - pull_request
+    branches: [main]
  pull_request:
 jobs:
  format-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: cachix/install-nix-action@v20
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -4,13 +4,14 @@ on:
  push:
    branches: [main]
 permissions:
  contents: write
  pull-requests: write
 jobs:
  release-please:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
      - uses: google-github-actions/release-please-action@v3
        with:
--- a/.github/workflows/update-docs.yml
+++ b/.github/workflows/update-docs.yml
@ -5,20 +5,23 @@ on:
    paths:
      - "modules/home-manager/**"
      - "modules/nixos/**"
-
+  workflow_dispatch:
 permissions:
  contents: write
 jobs:
  update-docs:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    strategy:
      max-parallel: 1
      matrix:
        package: ["nixos", "home-manager"]
    # we only want this running on our repo, on the `main` branch
    if: github.repository == 'Stonks3141/ctp-nix' && github.ref_name == 'main'
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v22