scan only on pr

tylertitsworth · tylertitsworth · commit 02c175f7842a · 2024-06-21T15:37:06.000-07:00
diff --git a/.github/workflows/container-ci.yaml b/.github/workflows/container-ci.yaml
@@ -110,6 +110,7 @@ jobs:
 ####################################################################################################
   setup-scan:
     needs: [build-containers]
+    if: ${{ github.event_name == 'pull_request' }}
     runs-on: ubuntu-latest
     outputs:
       matrix: ${{ steps.scan-matrix.outputs.matrix }}
@@ -126,13 +127,8 @@ jobs:
       run: echo "matrix=$(cat matrix/*-${{ needs.build-containers.outputs.group }}/*.txt | jq -R '.' | jq -sc '. | unique')" >> $GITHUB_OUTPUT
   scan-containers:
     needs: [setup-scan]
-    if: ${{ !inputs.no_build }}
+    if: ${{ !inputs.no_build && github.event_name == 'pull_request' }}
     runs-on: k8-runners
-    permissions:
-      actions: read
-      packages: read
-      pull-requests: write
-      security-events: write
     strategy:
       matrix:
         container: ${{ fromJSON(needs.setup-scan.outputs.matrix) }}
