Merge pull request #106 from sebhmg/DEVOPS-825

sebhmg · web-flow · commit 2e61aceb15b2 · 2025-08-18T13:51:39.000-04:00
DEVOPS-825: use token for shared JIRA workflows
diff --git a/.github/workflows/issue_to_jira.yml b/.github/workflows/issue_to_jira.yml
@@ -10,6 +10,7 @@ permissions:
 
 jobs:
   call-workflow-create-jira-issue:
+    if: startsWith(github.repository, 'MiraGeoscience/')  # run on the Mira repo only
     uses: MiraGeoscience/CI-tools/.github/workflows/reusable-jira-issue_to_jira.yml@main
     with:
       project-key: 'GEOPY'
diff --git a/.github/workflows/pr_add_jira_summary.yml b/.github/workflows/pr_add_jira_summary.yml
@@ -10,6 +10,7 @@ permissions:
 
 jobs:
   call-workflow-add-jira-issue-summary:
+    if: startsWith(github.repository, 'MiraGeoscience/')  # run if PR targets the Mira repo only
     uses: MiraGeoscience/CI-tools/.github/workflows/reusable-jira-pr_add_jira_summary.yml@main
     secrets:
       JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
diff --git a/.github/workflows/zizmor-security-mira.yml b/.github/workflows/zizmor-security-mira.yml
@@ -0,0 +1,28 @@
+name: Zizmor analysis
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+    branches:
+      - develop
+      - main
+      - release/**
+      - feature/**
+      - hotfix/**
+  push:
+    branches:
+      - main
+      - develop
+      - feature/**
+      - hotfix/**
+      - release/**
+
+jobs:
+  call-workflow-zizmor:
+    name: Zizmor analysis
+    # run on the Mira repo only (upstream SimPEG repo has its own workflow for Zizmor)
+    if: startsWith(github.repository, 'MiraGeoscience/')
+    permissions:
+      contents: read
+      actions: read
+    uses: MiraGeoscience/CI-tools/.github/workflows/reusable-zizmor-security.yml@main
diff --git a/.github/workflows/zizmor-security-upstream.yml b/.github/workflows/zizmor-security-upstream.yml
@@ -13,6 +13,8 @@ permissions: {}
 
 jobs:
   lint:
+    # run only if not on the Mira repo (MiraGeoscience repo has its own workflow for Zizmor)
+    if: ${{ !startsWith(github.repository, 'MiraGeoscience/') }}
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
