From 77b2351ec8f7b75e4dd7e76de56d9816f5b1b603 Mon Sep 17 00:00:00 2001
From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com>
Date: Mon, 21 Feb 2022 12:49:39 +0000
Subject: [PATCH 1/2] run workflow steps when needed

---
 .../workflows/build_validation_develop.yml    | 22 +++++++-------
 .github/workflows/deploy_tre.yml              | 30 ++++++++++++++++++-
 2 files changed, 40 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/build_validation_develop.yml b/.github/workflows/build_validation_develop.yml
index 7849f1b53a..ed42b47754 100644
--- a/.github/workflows/build_validation_develop.yml
+++ b/.github/workflows/build_validation_develop.yml
@@ -15,17 +15,6 @@ jobs:
   lint:
     name: Lint
     runs-on: ubuntu-latest
-    # The conditions below define the desired behaviour of the deployment
-    # workflow:
-    #   1. The workflow must NOT be triggered automatically by an opened
-    #     pull request
-    #   2. It should be possible to manually trigger the workflow for PRs
-    #     originating from forks (using "safe to test" label)
-    #   3. The workflow must run when scheduled, pushed (i.e., merge) or
-    #     manually triggered
-    if: |
-      github.event.pull_request.head.repo.full_name == github.repository
-      || contains(github.event.pull_request.labels.*.name, 'safe to test')
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
@@ -33,6 +22,7 @@ jobs:
           # Full git history is needed to get a proper list of
           # changed files within `super-linter`
           fetch-depth: 0
+          persist-credentials: false
 
       - name: Lint code base
         uses: github/super-linter@v4
@@ -48,12 +38,22 @@ jobs:
           VALIDATE_JAVA: true
           JAVA_FILE_NAME: checkstyle.xml
 
+      - uses: dorny/paths-filter@v2
+        id: filter
+        with:
+          filters: |
+            terraform:
+              # our Terraform uses more than just *.tf files, so need to check changes in the folder
+              - '**/terraform/**/*'
+
       - name: Terraform format check
+        if: ${{ steps.filter.outputs.terraform == 'true' }}
         run: terraform fmt -check -recursive
 
       # find all terraform folders and run validate to catch
       # configuration errors
       - name: Terraform validation
+        if: ${{ steps.filter.outputs.terraform == 'true' }}
         run: |
           find . -type d -name 'terraform' -not -path '*cnab*' -print0 \
           | xargs -0 -I{} sh -c 'echo "***** Validating: {} *****"; \
diff --git a/.github/workflows/deploy_tre.yml b/.github/workflows/deploy_tre.yml
index b25e7326ab..d5b082ea99 100644
--- a/.github/workflows/deploy_tre.yml
+++ b/.github/workflows/deploy_tre.yml
@@ -65,6 +65,7 @@ jobs:
       || contains(github.event.pull_request.labels.*.name, 'safe to test'))
     outputs:
       refid: ${{ steps.run-id.outputs.refid }}
+      not-md: ${{ steps.filter.outputs.not-md }}
     steps:
       - id: run-id
         name: Get run id
@@ -77,9 +78,36 @@ jobs:
           echo "using id of: ${REFID} for GitHub Ref: ${GITHUB_REF}"
           echo "::set-output name=refid::${REFID}"
 
+      - name: Checkout
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: actions/checkout@v2
+        with:
+          persist-credentials: false
+
+      # For pull requests it's not necessary to checkout the code
+      - uses: dorny/paths-filter@v2
+        id: filter
+        with:
+          filters: |
+            not-md:
+              # we need to check for changes in files other than *.md
+              - '**/!(*.md)'
+
+      # If we don't run the actual deploy (below) we won't receive a check-run status,
+      # and will have to send it "manually"
+      - name: Bypass E2E check-runs status
+        if: ${{ steps.filter.outputs.not-md == 'false' }}
+        uses: LouisBrunner/checks-action@v1.1.1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          # the name must be identical to the one received by the real job
+          name: "Deploy PR / Run E2E Tests (Smoke)"
+          status: "completed"
+          conclusion: "success"
+
   run-deploy-tre-not-main:
     name: "Deploy PR"
-    if: github.ref != 'refs/heads/main'
+    if: ${{ github.ref != 'refs/heads/main' && needs.prepare-not-main.outputs.not-md == 'true' }}
     needs: [prepare-not-main]
     uses: ./.github/workflows/deploy_tre_reusable.yml
     secrets:

From 22fdd5f3b2fcd899b326ef716a4ec7ba3684bd8d Mon Sep 17 00:00:00 2001
From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com>
Date: Mon, 21 Feb 2022 15:10:33 +0000
Subject: [PATCH 2/2] update comment

---
 .github/workflows/deploy_tre.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deploy_tre.yml b/.github/workflows/deploy_tre.yml
index d5b082ea99..2d8d18a50a 100644
--- a/.github/workflows/deploy_tre.yml
+++ b/.github/workflows/deploy_tre.yml
@@ -79,12 +79,12 @@ jobs:
           echo "::set-output name=refid::${REFID}"
 
       - name: Checkout
+        # Code is used by orny/paths-filter action but not required for pull requests
         if: ${{ github.event_name != 'pull_request' }}
         uses: actions/checkout@v2
         with:
           persist-credentials: false
 
-      # For pull requests it's not necessary to checkout the code
       - uses: dorny/paths-filter@v2
         id: filter
         with: