Merge pull request #323 from cloudfoundry-community/workflow-approval

foram-splunk · web-flow · commit d0c8838f6390 · 2022-09-26T12:05:02.000+05:30
Workflow approval
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -2,15 +2,25 @@ name: PCF
 on:
   push:
     branches: [ "develop" ]
-  pull_request:
+  pull_request_target:
     branches: [ "develop" ]
  
   workflow_dispatch:
 
 jobs:
+  workflow_approval:
+    name: Approve workflow
+    runs-on: ubuntu-latest
+    environment: workflow-approval
+    steps:
+      - name: Approve workflow
+        run: echo For security reasons, all pull requests need to be approved first before running any automated CI.
+
   fossa-scan:
     continue-on-error: true
     runs-on: ubuntu-latest
+    needs:
+      - workflow_approval
     steps:
       - uses: actions/checkout@v3
       - name: run fossa anlyze and create report
@@ -33,6 +43,8 @@ jobs:
           
   semgrep:
     runs-on: ubuntu-latest
+    needs:
+      - workflow_approval
     name: security-sast-semgrep
     if: github.actor != 'dependabot[bot]'
     steps:
@@ -45,6 +57,8 @@ jobs:
 
   build:
     runs-on: ubuntu-latest
+    needs:
+      - workflow_approval
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
