diff --git a/.github/linters/semgrep/pull-request-target-code-checkout.yaml b/.github/linters/semgrep/pull-request-target-code-checkout.yaml index 1348d505f6c36..a6186a753ab37 100644 --- a/.github/linters/semgrep/pull-request-target-code-checkout.yaml +++ b/.github/linters/semgrep/pull-request-target-code-checkout.yaml @@ -47,6 +47,15 @@ rules: ... $JOBNAME: ... + - pattern-not-inside: | + needs: [..., permission-check, ...] + ... + - pattern-not-inside: | + needs: + ... + - permission-check + ... + ... - pattern-not-inside: | needs: [permission-check] ... diff --git a/.github/workflows/docker-build-test.yaml b/.github/workflows/docker-build-test.yaml index 7240ca7a97a49..82a2a7d900412 100644 --- a/.github/workflows/docker-build-test.yaml +++ b/.github/workflows/docker-build-test.yaml @@ -111,6 +111,7 @@ jobs: # This job determines which files were changed file_change_determinator: + needs: [permission-check] runs-on: ubuntu-latest outputs: only_docs_changed: ${{ steps.determine_file_changes.outputs.only_docs_changed }} diff --git a/.github/workflows/semgrep.yaml b/.github/workflows/semgrep.yaml index 320f35904f60e..9505c7b3b2b9c 100644 --- a/.github/workflows/semgrep.yaml +++ b/.github/workflows/semgrep.yaml @@ -4,6 +4,8 @@ on: workflow_dispatch: pull_request: types: [labeled, opened, synchronize, reopened, auto_merge_enabled] + schedule: + - cron: '0 * * * *' jobs: semgrep: diff --git a/.github/workflows/ts-sdk-e2e-tests.yaml b/.github/workflows/ts-sdk-e2e-tests.yaml index 8a4b53419af29..1a9c168e5dbbf 100644 --- a/.github/workflows/ts-sdk-e2e-tests.yaml +++ b/.github/workflows/ts-sdk-e2e-tests.yaml @@ -34,6 +34,7 @@ jobs: # This job determines which files were changed file_change_determinator: + needs: [permission-check] runs-on: ubuntu-latest outputs: only_docs_changed: ${{ steps.determine_file_changes.outputs.only_docs_changed }}