diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b60989108..8370bb4a3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -304,6 +304,7 @@ jobs: files: ./coverage.txt release: + if: startsWith(github.ref, 'refs/tags/v') permissions: contents: write # to create a release (ncipollo/release-action) runs-on: ubuntu-latest @@ -329,7 +330,6 @@ jobs: find bin/release -type f -exec file -e ascii -- {} + - name: GitHub Release - if: startsWith(github.ref, 'refs/tags/v') uses: ncipollo/release-action@339a81892b84b4eeb0f6e744e4574d79d0d9b8dd # v1.21.0 with: artifacts: ./bin/release/* diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml index ee8df35b2..435d9beb0 100644 --- a/.github/workflows/merge.yml +++ b/.github/workflows/merge.yml @@ -39,7 +39,7 @@ jobs: cache: true cache-scope: bin-image output: image - push: ${{ github.event_name != 'pull_request' }} + push: true # this workflow only triggers on push (main and tags) sbom: true set-meta-labels: true meta-images: | diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 237a1f520..df3c6130a 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -61,6 +61,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1 + uses: github/codeql-action/upload-sarif@411c4c9a36b3fca4d674f06b6396b2c6d23522c6 # v3.36.3 with: sarif_file: results.sarif