diff --git a/.github/workflows/blackduck.yml b/.github/workflows/blackduck.yml index e2557c155..669bddd62 100644 --- a/.github/workflows/blackduck.yml +++ b/.github/workflows/blackduck.yml @@ -11,6 +11,7 @@ on: workflow_dispatch: permissions: + contents: read # allows workflow to checkout private repository pull-requests: read # allows SonarQube to decorate PRs with analysis results jobs: diff --git a/.github/workflows/multiTenant_deploy_and_Integration_test.yml b/.github/workflows/multiTenant_deploy_and_Integration_test.yml index 764655443..d658af729 100644 --- a/.github/workflows/multiTenant_deploy_and_Integration_test.yml +++ b/.github/workflows/multiTenant_deploy_and_Integration_test.yml @@ -9,6 +9,7 @@ on: workflow_dispatch: permissions: + contents: read pull-requests: read packages: read # Added permission to read packages @@ -317,7 +318,7 @@ jobs: test-summary: runs-on: ubuntu-latest needs: integration-test - if: always() + if: always() && github.event.pull_request.merged == true steps: - name: Check test results 📋 run: | diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml index e760c307e..34a81c705 100644 --- a/.github/workflows/sonarqube.yml +++ b/.github/workflows/sonarqube.yml @@ -11,6 +11,7 @@ on: workflow_dispatch: permissions: + contents: read # allows workflow to checkout private repository pull-requests: read # Allows SonarQube to decorate PRs with analysis results jobs: diff --git a/.github/workflows/unit.tests.yml b/.github/workflows/unit.tests.yml index bda421a7a..646934c67 100644 --- a/.github/workflows/unit.tests.yml +++ b/.github/workflows/unit.tests.yml @@ -8,6 +8,7 @@ on: types: [opened, synchronize, reopened, auto_merge_enabled] workflow_dispatch: permissions: + contents: read # allows workflow to checkout private repository pull-requests: read jobs: