diff --git a/.github/workflows/build-gh.yml b/.github/workflows/build-gh.yml index 557cd08b..1dc516fd 100644 --- a/.github/workflows/build-gh.yml +++ b/.github/workflows/build-gh.yml @@ -4,6 +4,15 @@ on: push: branches: - "**" + branches-ignore: + - "dependabot/**" + + # Runs build workflow when dependabot PR is completed + # so that secrets can be accessed + workflow_run: + workflows: ["Dependabot PR Check"] + types: + - completed jobs: diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml new file mode 100644 index 00000000..6bda8cb0 --- /dev/null +++ b/.github/workflows/dependabot.yml @@ -0,0 +1,12 @@ +### .github/workflows/dependabot_pr.yml +### This workflow doesn't have access to secrets and has a read-only token +name: Dependabot PR Check +on: + push + +jobs: + check-dependabot: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - run: echo "PR created by Dependabot" \ No newline at end of file