[PM-7025] include check-run in workflows where secrets are used (#9135)

* include check-run in workflows where secrets are used * revert changes in build-cli workflow and add check-run to codecov * assert token permissions --------- Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2024-06-10 10:54:24 -05:00 · 2024-06-10 10:54:24 -05:00 · 7fb9408202
parent 700acc069b
commit 7fb9408202
1 changed files with 11 additions and 1 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -8,16 +8,26 @@ on:
      - "main"
      - "rc"
      - "hotfix-rc-*"
-  pull_request:
+  pull_request_target:
+    types: [opened, synchronize]

 defaults:
  run:
    shell: bash

 jobs:
+  check-run:
+    name: Check PR run
+    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+
  test:
    name: Run tests
    runs-on: ubuntu-22.04
+    needs: check-run
+    permissions:
+      contents: read
+      pull-requests: write
+      
    steps:
      - name: Checkout repo
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1