SharezoneApp · nilsreichardt · Feb 28, 2023 · Feb 27, 2023 · Feb 27, 2023 · Feb 27, 2023
@@ -6,11 +6,11 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
 
-# This is a basic workflow to help you get started with Actions
+# This workflow handles the CI for the app. Therefore, it's only triggered on
+# pull requests that make changes to the app.
 
-name: CI
+name: app-ci
 
-# Controls when the action will run. 
 on:
   # Triggers the workflow on pull request events
   pull_request:
@@ -25,9 +25,24 @@ on:
       # need to trigger these jobs again when the pull request is changing to
       # ready for review.
       - ready_for_review
-
-  # Allows you to run this workflow manually from the Actions tab
-  workflow_dispatch:
+    paths:
+      # We only build and deploy a new version, when a user relevant files
+      # changed.
+      - "app/**"
+      - "lib/**"
+      # We trigger also this workflow, if this workflow is changed, so that new
+      # changes will be applied.
+      - ".github/workflows/app_ci.yml"
+      # The following paths are excluded from the above paths. It's important to
+      # list the paths at the end of the file, so that the exclude paths are
+      # applied.
+      #
+      # See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-including-and-excluding-paths.
+      - "!**.md"
+      - "!**.mdx"
+      - "!**.gitignore"
+      - "!**/firebase.json"
+      - "!**/.firebaserc"
 
 env:
   CI_CD_DART_SCRIPTS_PACKAGE_PATH: "tools/sz_repo_cli/"
@@ -74,16 +89,6 @@ jobs:
       - name: Run code analysis via "sz analyze" (formatting, issues, spacing ...)
         run: sz analyze --max-concurrent-packages 3 --package-timeout-minutes 15
 
-  check-files-licence-headers:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v2
-        with:
-          go-version: '^1.13.1'
-      - run: go install github.com/google/addlicense@latest 
-      - run: ./bin/check_license_headers.sh
-
   test:
     runs-on: macos-latest
     steps:

@@ -0,0 +1,34 @@
+# Copyright (c) 2022 Sharezone UG (haftungsbeschränkt)
+# Licensed under the EUPL-1.2-or-later.
+#
+# You may obtain a copy of the Licence at:
+# https://joinup.ec.europa.eu/software/page/eupl
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+name: licence-ci
+
+# Controls when the action will run. 
+on:
+  # Triggers the workflow on pull request events
+  pull_request:
+    types:
+      - opened
+      - synchronize
+
+# Set permissions to none.
+#
+# Using the broad default permissions is considered a bad security practice 
+# and would cause alerts from our scanning tools.
+permissions: {}
+
+jobs:
+  check-files-licence-headers:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-go@v2
+        with:
+          go-version: '^1.13.1'
+      - run: go install github.com/google/addlicense@latest 
+      - run: ./bin/check_license_headers.sh