[Dependency Review] Skipping health check for draft PRs (#225008)

## Summary Skipping health check and required review for draft PRs.
2025-06-27 18:51:07 -04:00 · 2025-06-24 13:58:54 +02:00 · 2025-06-24 13:58:54 +02:00 · 0988f1bcb9
commit 0988f1bcb9
parent 21200b848e
2 changed files with 51 additions and 47 deletions
--- a/.github/workflows/enforce-dependency-review.yml
+++ b/.github/workflows/enforce-dependency-review.yml
@ -2,7 +2,7 @@ name: Enforce Dependency Review

 on:
  pull_request_target:
-    types: [opened, reopened, synchronize]
+    types: [opened, reopened, synchronize, ready_for_review]
    paths:
      - 'package.json'
    branches:
@ -14,26 +14,27 @@ jobs:
    runs-on: ubuntu-latest
    if: |
      github.repository == 'elastic/kibana' &&
-      github.actor != 'elastic-renovate-prod[bot]'
+      github.actor != 'elastic-renovate-prod[bot]' &&
+      github.event.pull_request.draft == false
    steps:
-    - name: Checkout kibana-operations
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      with:
-        repository: 'elastic/kibana-operations'
-        ref: main
-        path: ./kibana-operations
-        token: ${{secrets.KIBANAMACHINE_TOKEN}}
+      - name: Checkout kibana-operations
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          repository: 'elastic/kibana-operations'
+          ref: main
+          path: ./kibana-operations
+          token: ${{secrets.KIBANAMACHINE_TOKEN}}

-    - name: Run dependency security review
-      working-directory: ./kibana-operations/triage
-      env:
-        GITHUB_TOKEN: ${{secrets.KIBANAMACHINE_TOKEN}}
-        PR_NUMBER: ${{ github.event.pull_request.number }}
-        REPO_OWNER: ${{ github.repository_owner }}
-        REPO_NAME: ${{ github.event.repository.name }}
-        HEAD_SHA: ${{ github.event.pull_request.head.sha }}
-        BASE_SHA: ${{ github.event.pull_request.base.sha }}
-        EVENT_NAME: ${{ github.event_name }}
-      run: |
-        npm ci --omit=dev
-        node enforce-dependency-review.js
+      - name: Run dependency security review
+        working-directory: ./kibana-operations/triage
+        env:
+          GITHUB_TOKEN: ${{secrets.KIBANAMACHINE_TOKEN}}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          REPO_OWNER: ${{ github.repository_owner }}
+          REPO_NAME: ${{ github.event.repository.name }}
+          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+          BASE_SHA: ${{ github.event.pull_request.base.sha }}
+          EVENT_NAME: ${{ github.event_name }}
+        run: |
+          npm ci --omit=dev
+          node enforce-dependency-review.js
--- a/.github/workflows/evaluate-dependency-health.yml
+++ b/.github/workflows/evaluate-dependency-health.yml
@ -3,6 +3,8 @@ on:
  pull_request_target:
    types:
      - opened
+      - synchronize
+      - ready_for_review
    branches:
      - 'main'
    paths:
@ -14,30 +16,31 @@ jobs:
    runs-on: ubuntu-latest
    if: |
      github.repository == 'elastic/kibana' &&
-      github.actor != 'elastic-renovate-prod[bot]'
+      github.actor != 'elastic-renovate-prod[bot]' &&
+      github.event.pull_request.draft == false
    steps:
-    - name: Checkout kibana-operations
-      uses: actions/checkout@09d2acae674a48949e3602304ab46fd20ae0c42f
-      with:
-        repository: 'elastic/kibana-operations'
-        ref: main
-        path: ./kibana-operations
-        token: ${{secrets.KIBANAMACHINE_TOKEN}}
+      - name: Checkout kibana-operations
+        uses: actions/checkout@09d2acae674a48949e3602304ab46fd20ae0c42f
+        with:
+          repository: 'elastic/kibana-operations'
+          ref: main
+          path: ./kibana-operations
+          token: ${{secrets.KIBANAMACHINE_TOKEN}}

-    - name: Run dependency health score script
-      working-directory: ./kibana-operations/triage
-      env:
-        GITHUB_TOKEN: ${{secrets.KIBANAMACHINE_TOKEN}}
-        SLACK_TOKEN: ${{secrets.CODE_SCANNING_SLACK_TOKEN}}
-        SLACK_CHANNEL: ${{ secrets.CODE_SCANNING_SLACK_CHANNEL_ID }}
-        PR_NUMBER: ${{ github.event.pull_request.number }}
-        REPO_OWNER: ${{ github.repository_owner }}
-        REPO_NAME: ${{ github.event.repository.name }}
-        HEAD_SHA: ${{ github.event.pull_request.head.sha }}
-        BASE_SHA: ${{ github.event.pull_request.base.sha }}
-        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        SNYK_ORG_ID: ${{ secrets.SNYK_ORG_ID }}
-        EVENT_NAME: ${{ github.event_name }}
-      run: |
-        npm ci --omit=dev
-        node dependency-health-score.js
+      - name: Run dependency health score script
+        working-directory: ./kibana-operations/triage
+        env:
+          GITHUB_TOKEN: ${{secrets.KIBANAMACHINE_TOKEN}}
+          SLACK_TOKEN: ${{secrets.CODE_SCANNING_SLACK_TOKEN}}
+          SLACK_CHANNEL: ${{ secrets.CODE_SCANNING_SLACK_CHANNEL_ID }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          REPO_OWNER: ${{ github.repository_owner }}
+          REPO_NAME: ${{ github.event.repository.name }}
+          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+          BASE_SHA: ${{ github.event.pull_request.base.sha }}
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          SNYK_ORG_ID: ${{ secrets.SNYK_ORG_ID }}
+          EVENT_NAME: ${{ github.event_name }}
+        run: |
+          npm ci --omit=dev
+          node dependency-health-score.js