diff --git a/.github/workflows/build_validation_develop.yml b/.github/workflows/build_validation_develop.yml
index 7849f1b53a..ed42b47754 100644
--- a/.github/workflows/build_validation_develop.yml
+++ b/.github/workflows/build_validation_develop.yml
@@ -15,17 +15,6 @@ jobs:
   lint:
     name: Lint
     runs-on: ubuntu-latest
-    # The conditions below define the desired behaviour of the deployment
-    # workflow:
-    #   1. The workflow must NOT be triggered automatically by an opened
-    #     pull request
-    #   2. It should be possible to manually trigger the workflow for PRs
-    #     originating from forks (using "safe to test" label)
-    #   3. The workflow must run when scheduled, pushed (i.e., merge) or
-    #     manually triggered
-    if: |
-      github.event.pull_request.head.repo.full_name == github.repository
-      || contains(github.event.pull_request.labels.*.name, 'safe to test')
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
@@ -33,6 +22,7 @@ jobs:
           # Full git history is needed to get a proper list of
           # changed files within `super-linter`
           fetch-depth: 0
+          persist-credentials: false
 
       - name: Lint code base
         uses: github/super-linter@v4
@@ -48,12 +38,22 @@ jobs:
           VALIDATE_JAVA: true
           JAVA_FILE_NAME: checkstyle.xml
 
+      - uses: dorny/paths-filter@v2
+        id: filter
+        with:
+          filters: |
+            terraform:
+              # our Terraform uses more than just *.tf files, so need to check changes in the folder
+              - '**/terraform/**/*'
+
       - name: Terraform format check
+        if: ${{ steps.filter.outputs.terraform == 'true' }}
         run: terraform fmt -check -recursive
 
       # find all terraform folders and run validate to catch
       # configuration errors
       - name: Terraform validation
+        if: ${{ steps.filter.outputs.terraform == 'true' }}
         run: |
           find . -type d -name 'terraform' -not -path '*cnab*' -print0 \
           | xargs -0 -I{} sh -c 'echo "***** Validating: {} *****"; \
diff --git a/.github/workflows/deploy_tre.yml b/.github/workflows/deploy_tre.yml
index b25e7326ab..2d8d18a50a 100644
--- a/.github/workflows/deploy_tre.yml
+++ b/.github/workflows/deploy_tre.yml
@@ -65,6 +65,7 @@ jobs:
       || contains(github.event.pull_request.labels.*.name, 'safe to test'))
     outputs:
       refid: ${{ steps.run-id.outputs.refid }}
+      not-md: ${{ steps.filter.outputs.not-md }}
     steps:
       - id: run-id
         name: Get run id
@@ -77,9 +78,36 @@ jobs:
           echo "using id of: ${REFID} for GitHub Ref: ${GITHUB_REF}"
           echo "::set-output name=refid::${REFID}"
 
+      - name: Checkout
+        # Code is used by orny/paths-filter action but not required for pull requests
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: actions/checkout@v2
+        with:
+          persist-credentials: false
+
+      - uses: dorny/paths-filter@v2
+        id: filter
+        with:
+          filters: |
+            not-md:
+              # we need to check for changes in files other than *.md
+              - '**/!(*.md)'
+
+      # If we don't run the actual deploy (below) we won't receive a check-run status,
+      # and will have to send it "manually"
+      - name: Bypass E2E check-runs status
+        if: ${{ steps.filter.outputs.not-md == 'false' }}
+        uses: LouisBrunner/checks-action@v1.1.1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          # the name must be identical to the one received by the real job
+          name: "Deploy PR / Run E2E Tests (Smoke)"
+          status: "completed"
+          conclusion: "success"
+
   run-deploy-tre-not-main:
     name: "Deploy PR"
-    if: github.ref != 'refs/heads/main'
+    if: ${{ github.ref != 'refs/heads/main' && needs.prepare-not-main.outputs.not-md == 'true' }}
     needs: [prepare-not-main]
     uses: ./.github/workflows/deploy_tre_reusable.yml
     secrets: