diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml index 5a97de26f5d3..248c50e2e849 100644 --- a/.github/workflows/analysis.yml +++ b/.github/workflows/analysis.yml @@ -10,11 +10,8 @@ name: "Analysis" -on: - pull_request: - branches: [ "master", "main", "stable-*" ] - push: - branches: [ "master", "main", "stable-*" ] +on: pull_request + permissions: pull-requests: write @@ -26,7 +23,7 @@ concurrency: jobs: analysis: - runs-on: ubuntu-latest + runs-on: tenki-standard-large-plus-16c-32g steps: - name: Disabled on forks if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository }} diff --git a/.github/workflows/assembleFlavors.yml b/.github/workflows/assembleFlavors.yml index a18c2d339c80..320b1b5c0291 100644 --- a/.github/workflows/assembleFlavors.yml +++ b/.github/workflows/assembleFlavors.yml @@ -3,9 +3,7 @@ name: "Assemble" -on: - pull_request: - branches: [ master, stable-* ] +on: pull_request # Declare default permissions as read only. permissions: read-all diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5fd57479c124..02a7b307ca5e 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -9,13 +9,7 @@ name: "CodeQL" -on: - push: - branches: [ "master", "main", "stable-*" ] - pull_request: - branches: [ "master", "main" ] - schedule: - - cron: '24 18 * * 3' +on: pull_request permissions: contents: read @@ -57,4 +51,7 @@ jobs: echo "org.gradle.jvmargs=-Xmx4g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError" > "$HOME/.gradle/gradle.properties" ./gradlew assembleDebug - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11 + uses: github/codeql-action/analyze@v3 + with: + upload: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }} +