Skip to content

Commit 04ea175

Browse files
scoropezascoropeza
authored
Merge branch 'main' into feat/security-scanners
2 parents 5e53801 + b56dfdc commit 04ea175

1 file changed

Lines changed: 11 additions & 2 deletions

File tree

.github/workflows/codebuild.yml

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -122,9 +122,13 @@ jobs:
122122
fi
123123
124124
build:
125+
# Fork PRs are skipped because they cannot access the repository secrets
126+
# or OIDC credentials needed for AWS CodeBuild.
125127
if: >-
126-
github.event_name != 'pull_request'
127-
|| contains(github.event.pull_request.labels.*.name, 'rules')
128+
(github.event_name != 'pull_request'
129+
|| contains(github.event.pull_request.labels.*.name, 'rules'))
130+
&& (github.event_name != 'pull_request'
131+
|| github.event.pull_request.head.repo.full_name == github.repository)
128132
environment: codebuild
129133

130134
permissions:
@@ -152,6 +156,7 @@ jobs:
152156
lookup-only: true
153157

154158
- name: Configure AWS credentials
159+
# env.ACT is set by the 'act' CLI tool for local testing
155160
if: ${{ !env.ACT && steps.cache-check.outputs.cache-hit != 'true' }}
156161
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
157162
with:
@@ -405,6 +410,7 @@ jobs:
405410
key: ${{ env.CODEBUILD_PROJECT_NAME }}-${{ github.ref_name }}-${{ github.sha }}
406411

407412
- name: Upload CodeBuild primary artifact
413+
# env.ACT is set by the 'act' CLI tool for local testing
408414
if: ${{ !env.ACT }}
409415
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
410416
with:
@@ -414,6 +420,7 @@ jobs:
414420
archive: false
415421

416422
- name: Upload Evaluation Report
423+
# env.ACT is set by the 'act' CLI tool for local testing
417424
if: ${{ !env.ACT }}
418425
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
419426
with:
@@ -423,6 +430,7 @@ jobs:
423430
archive: false
424431

425432
- name: Upload Trend Report
433+
# env.ACT is set by the 'act' CLI tool for local testing
426434
if: ${{ !env.ACT }}
427435
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
428436
with:
@@ -459,6 +467,7 @@ jobs:
459467
fi
460468
461469
- name: Upload Report Bundle
470+
# env.ACT is set by the 'act' CLI tool for local testing
462471
if: ${{ !env.ACT }}
463472
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
464473
with:

0 commit comments

Comments
 (0)