11name : ForgeRock Fork Pull Request CI
2+
23on :
3- pull_request_target :
4- types : [opened, synchronize, reopened]
5- branches :
6- - main
4+ pull_request :
5+
6+ permissions :
7+ contents : read
8+ actions : read
9+
10+ concurrency :
11+ group : pr-${{ github.event.pull_request.number }}
12+ cancel-in-progress : true
713
814jobs :
915 pr :
16+ # Only run for forks
17+ if : ${{ github.event.pull_request.head.repo.full_name != github.repository }}
1018 runs-on : ubuntu-latest
1119 timeout-minutes : 20
20+
1221 steps :
1322 - uses : actions/checkout@v4
1423 with :
24+ # head commit is fine; the default merge ref also works on pull_request
1525 ref : ${{ github.event.pull_request.head.sha }}
1626 fetch-depth : 0
1727
@@ -20,26 +30,28 @@ jobs:
2030 run_install : false
2131
2232 - uses : actions/setup-node@v4
23- id : cache
2433 with :
2534 node-version-file : ' .node-version'
2635 cache : ' pnpm'
36+ cache-dependency-path : ' **/pnpm-lock.yaml'
2737
2838 - run : pnpm install --frozen-lockfile
2939
30- - name : Cache Playwright browsers
31- uses : actions/cache@v4
40+ # Restore-only cache to avoid save attempts/noise on forks
41+ - name : Restore Playwright browsers cache
42+ uses : actions/cache/restore@v4
3243 with :
3344 path : ~/.cache/ms-playwright
3445 key : ${{ runner.os }}-playwright-${{ hashFiles('**/pnpm-lock.yaml') }}
3546 restore-keys : |
3647 ${{ runner.os }}-playwright-
3748
38- run : pnpm exec playwright install
49+ run : pnpm exec playwright install --with-deps
3950
4051 - uses : nrwl/nx-set-shas@v4
41- # This line is needed for nx affected to work when CI is running on a PR
42- - run : git branch --track main origin/main
52+
53+ # Needed so nx affected can diff against main
54+ - run : git branch --track main origin/main || true
4355
4456 - run : pnpm nx format:check
4557 - run : pnpm nx affected -t build typecheck lint test e2e-ci
0 commit comments