From 4b1afb5b933fd650a92e801f1e3e1d347310bb53 Mon Sep 17 00:00:00 2001 From: Oliver Wolff <23139298+cuioss@users.noreply.github.com> Date: Tue, 23 Jun 2026 00:18:16 +0200 Subject: [PATCH] chore(ci): adopt gate-based push/PR dedup (cuioss-organization v0.6.7) Bump cuioss-organization workflow refs to v0.6.7 and drop the fork-only if: guard (the reusable workflow's gate now skips a push build when an open PR covers the commit); add pull-requests: read so the gate can read open PRs. Co-Authored-By: Claude --- .github/workflows/dependabot-auto-merge.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/maven.yml | 6 ++---- .github/workflows/release.yml | 2 +- .github/workflows/scorecards.yml | 2 +- 5 files changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index 9751102..77ff368 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -8,7 +8,7 @@ permissions: jobs: auto-merge: - uses: cuioss/cuioss-organization/.github/workflows/reusable-dependabot-auto-merge.yml@14a19791f40f31521ba48fc84d699ef5e52ff7c1 # v0.6.6 + uses: cuioss/cuioss-organization/.github/workflows/reusable-dependabot-auto-merge.yml@a7368d92f50df26ff8e495b9bd8ecee4cf9a8471 # v0.6.7 permissions: contents: write pull-requests: write diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index ec36311..96a2ac9 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -10,7 +10,7 @@ permissions: jobs: dependency-review: - uses: cuioss/cuioss-organization/.github/workflows/reusable-dependency-review.yml@14a19791f40f31521ba48fc84d699ef5e52ff7c1 # v0.6.6 + uses: cuioss/cuioss-organization/.github/workflows/reusable-dependency-review.yml@a7368d92f50df26ff8e495b9bd8ecee4cf9a8471 # v0.6.7 permissions: contents: read pull-requests: write diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 155ac6d..1c76c5e 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -11,13 +11,11 @@ on: permissions: contents: read + pull-requests: read jobs: build: - # Run on push events, OR on pull_request only if from a fork - # This prevents duplicate runs: push handles internal branches, PR handles forks - if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name - uses: cuioss/cuioss-organization/.github/workflows/reusable-maven-build.yml@14a19791f40f31521ba48fc84d699ef5e52ff7c1 # v0.6.6 + uses: cuioss/cuioss-organization/.github/workflows/reusable-maven-build.yml@a7368d92f50df26ff8e495b9bd8ecee4cf9a8471 # v0.6.7 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} OSS_SONATYPE_USERNAME: ${{ secrets.OSS_SONATYPE_USERNAME }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2ef3caf..20bbceb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,7 @@ jobs: if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' permissions: contents: write - uses: cuioss/cuioss-organization/.github/workflows/reusable-maven-release.yml@14a19791f40f31521ba48fc84d699ef5e52ff7c1 # v0.6.6 + uses: cuioss/cuioss-organization/.github/workflows/reusable-maven-release.yml@a7368d92f50df26ff8e495b9bd8ecee4cf9a8471 # v0.6.7 secrets: RELEASE_APP_ID: ${{ secrets.RELEASE_APP_ID }} RELEASE_APP_PRIVATE_KEY: ${{ secrets.RELEASE_APP_PRIVATE_KEY }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index c0f32c5..94f9973 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -13,7 +13,7 @@ permissions: jobs: analysis: - uses: cuioss/cuioss-organization/.github/workflows/reusable-scorecards.yml@14a19791f40f31521ba48fc84d699ef5e52ff7c1 # v0.6.6 + uses: cuioss/cuioss-organization/.github/workflows/reusable-scorecards.yml@a7368d92f50df26ff8e495b9bd8ecee4cf9a8471 # v0.6.7 permissions: security-events: write id-token: write