Check for secrets for a couple remaining workflows using them (#4621)

2024-11-21 12:05:42 +01:00 · 2024-08-13 08:24:15 -04:00 · 2024-08-13 08:24:15 -04:00 · 5084ccc328
commit 5084ccc328
parent f04c3b8e54
2 changed files with 40 additions and 8 deletions
--- a/.github/workflows/code-references.yml
+++ b/.github/workflows/code-references.yml
@ -1,19 +1,36 @@
---
 name: Collect code references

 on:
  pull_request:
-    branches-ignore:
-      - "renovate/**"
-
-permissions:
-  contents: read
-  pull-requests: write

 jobs:
+  check-ld-secret:
+    name: Check for LD secret
+    runs-on: ubuntu-22.04
+    outputs:
+      available: ${{ steps.check-ld-secret.outputs.available }}
+    permissions:
+      contents: read
+
+    steps:
+      - name: Check
+        id: check-ld-secret
+        run: |
+          if [ "${{ secrets.LD_ACCESS_TOKEN }}" != '' ]; then
+            echo "available=true" >> $GITHUB_OUTPUT;
+          else
+            echo "available=false" >> $GITHUB_OUTPUT;
+          fi
+
  refs:
    name: Code reference collection
    runs-on: ubuntu-22.04
+    needs: check-ld-secret
+    if: ${{ needs.check-ld-secret.outputs.available == 'true' }}
+    permissions:
+      contents: read
+      pull-requests: write
+
    steps:
      - name: Check out repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -1,4 +1,3 @@
---
 name: Testing

 on:
@ -18,8 +17,14 @@ jobs:
    name: Run tests
    if: ${{ startsWith(github.head_ref, 'version_bump_') == false }}
    runs-on: ubuntu-22.04
+    permissions:
+      checks: write
+      contents: read
+      pull-requests: write
+
    env:
      NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages
+
    steps:
      - name: Check out repo
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
@ -52,7 +57,17 @@ jobs:
          reporter: dotnet-trx
          fail-on-error: true

+      - name: Check for Codecov secret
+        id: check-codecov-secret
+        run: |
+          if [ "${{ secrets.CODECOV_TOKEN }}" != '' ]; then
+            echo "available=true" >> $GITHUB_OUTPUT;
+          else
+            echo "available=false" >> $GITHUB_OUTPUT;
+          fi
+
      - name: Upload to codecov.io
        uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
+        if: steps.check-codecov-secret.outputs.available == 'true'
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}