Description

632 documents Megalinter failing when its run on `push` events instead of `pull_request`. Either we need to change how it's kicked off (only do it on `pull_request`) or only send security concerns when the workflow is run in the context of a PR.

Per the error log, push events run in a read-only context; trying to send a security update requires write access which is available when the run is triggered by a PR.

My recommendation is the first (push -> pull_request) as it seems "weird" to only send security notices when run in certain situations.. if it finds something, it should say something. Moreover, changing it to PR means that it will run less often, require fewer branch updates, and ultimately save compute minutes for other processes.

User Story

bug #632

Architectural Decision Records (ADRs)

No response

GSA-TTS / usagov-benefits-eligibility

Update Megalinter to get around security events not being sent properly #633

Description

632 documents Megalinter failing when its run on `push` events instead of `pull_request`. Either we need to change how it's kicked off (only do it on `pull_request`) or only send security concerns when the workflow is run in the context of a PR.

User Story

Architectural Decision Records (ADRs)

GSA-TTS / usagov-benefits-eligibility

Update Megalinter to get around security events not being sent properly #633

Description

632 documents Megalinter failing when its run on push events instead of pull_request. Either we need to change how it's kicked off (only do it on pull_request) or only send security concerns when the workflow is run in the context of a PR.

User Story

Architectural Decision Records (ADRs)

632 documents Megalinter failing when its run on `push` events instead of `pull_request`. Either we need to change how it's kicked off (only do it on `pull_request`) or only send security concerns when the workflow is run in the context of a PR.