move GH actions tags check to separate workflow

snazy · snazy · commit 2714ffbe473b · 2026-02-14T09:33:09.000+01:00
diff --git a/.github/workflows/check_action_tags.yml b/.github/workflows/check_action_tags.yml
@@ -0,0 +1,46 @@
+name: Check action tags
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/workflows/dummy.yml"
+  pull_request:
+    paths:
+      - ".github/workflows/update_actions.yml"
+      - ".github/workflows/dummy.yml"
+      - gateway/*
+
+permissions:
+  contents: read
+
+# We want workflows on main to run in order to avoid losing data through race conditions
+concurrency: "${{ github.ref }}-${{ github.workflow }}"
+
+jobs:
+  check_action_tags:
+    runs-on: ubuntu-latest
+    steps:
+
+      - uses: actions/checkout@v6
+
+      - run: pip install ruyaml 
+
+      - name: Update actions.yml and check action tags
+        # This step is similar to the one in update_actions.yml but also verifies the actions' tags
+        shell: python
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          import sys
+          sys.path.append("./gateway/")
+
+          import gateway as g
+          g.update_actions(".github/workflows/dummy.yml", "actions.yml")
+          g.update_patterns("approved_patterns.yml", "actions.yml")
+
+          import action_tags as at
+          result = at.verify_actions("actions.yml")
+          if result.has_failures():
+            raise Exception(f"Verify actions result summary:\n{result}")
diff --git a/.github/workflows/update_actions.yml b/.github/workflows/update_actions.yml
@@ -32,9 +32,7 @@ jobs:
       - run: pip install ruyaml 
 
       - name: Update actions.yml
-        shell: python
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        shell: python 
         run: |
           import sys
           sys.path.append("./gateway/")
@@ -43,11 +41,6 @@ jobs:
           g.update_actions(".github/workflows/dummy.yml", "actions.yml")
           g.update_patterns("approved_patterns.yml", "actions.yml")
 
-          import action_tags as at
-          result = at.verify_actions("actions.yml")
-          if result.has_failures():
-            raise Exception(f"Verify actions result summary:\n{result}")
-
       - name: Commit and push changes
         if: ${{ github.event_name != 'pull_request' }}
         run: |
