From 19d267a2284b57a44474bdd1653d59cea549ee6a Mon Sep 17 00:00:00 2001 From: Oliver Wolff <23139298+cuioss@users.noreply.github.com> Date: Tue, 23 Jun 2026 00:18:22 +0200 Subject: [PATCH] chore(ci): adopt gate-based push/PR dedup (cuioss-organization v0.6.7) Bump cuioss-organization workflow refs to v0.6.7 and drop the fork-only if: guard (the reusable workflow's gate now skips a push build when an open PR covers the commit); add pull-requests: read so the gate can read open PRs. Co-Authored-By: Claude --- .github/workflows/dependabot-auto-merge.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/maven.yml | 6 ++---- .github/workflows/release.yml | 2 +- .github/workflows/scorecards.yml | 2 +- 5 files changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index 9751102..77ff368 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -8,7 +8,7 @@ permissions: jobs: auto-merge: - uses: cuioss/cuioss-organization/.github/workflows/reusable-dependabot-auto-merge.yml@14a19791f40f31521ba48fc84d699ef5e52ff7c1 # v0.6.6 + uses: cuioss/cuioss-organization/.github/workflows/reusable-dependabot-auto-merge.yml@a7368d92f50df26ff8e495b9bd8ecee4cf9a8471 # v0.6.7 permissions: contents: write pull-requests: write diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 1e5d1c0..60678b7 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -9,7 +9,7 @@ permissions: jobs: dependency-review: - uses: cuioss/cuioss-organization/.github/workflows/reusable-dependency-review.yml@14a19791f40f31521ba48fc84d699ef5e52ff7c1 # v0.6.6 + uses: cuioss/cuioss-organization/.github/workflows/reusable-dependency-review.yml@a7368d92f50df26ff8e495b9bd8ecee4cf9a8471 # v0.6.7 permissions: contents: read pull-requests: write diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 7237f64..e6e4249 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -10,13 +10,11 @@ on: permissions: contents: read + pull-requests: read jobs: build: - # Run on push events, OR on pull_request only if from a fork - # This prevents duplicate runs: push handles internal branches, PR handles forks - if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name - uses: cuioss/cuioss-organization/.github/workflows/reusable-maven-build.yml@14a19791f40f31521ba48fc84d699ef5e52ff7c1 # v0.6.6 + uses: cuioss/cuioss-organization/.github/workflows/reusable-maven-build.yml@a7368d92f50df26ff8e495b9bd8ecee4cf9a8471 # v0.6.7 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} OSS_SONATYPE_USERNAME: ${{ secrets.OSS_SONATYPE_USERNAME }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 422240d..ffc8e85 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,7 @@ jobs: permissions: contents: write if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' - uses: cuioss/cuioss-organization/.github/workflows/reusable-maven-release.yml@14a19791f40f31521ba48fc84d699ef5e52ff7c1 # v0.6.6 + uses: cuioss/cuioss-organization/.github/workflows/reusable-maven-release.yml@a7368d92f50df26ff8e495b9bd8ecee4cf9a8471 # v0.6.7 secrets: RELEASE_APP_ID: ${{ secrets.RELEASE_APP_ID }} RELEASE_APP_PRIVATE_KEY: ${{ secrets.RELEASE_APP_PRIVATE_KEY }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 3409f9c..e137cda 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -12,7 +12,7 @@ permissions: jobs: analysis: - uses: cuioss/cuioss-organization/.github/workflows/reusable-scorecards.yml@14a19791f40f31521ba48fc84d699ef5e52ff7c1 # v0.6.6 + uses: cuioss/cuioss-organization/.github/workflows/reusable-scorecards.yml@a7368d92f50df26ff8e495b9bd8ecee4cf9a8471 # v0.6.7 permissions: security-events: write id-token: write