From d66670a4c4a9f661ec86805312245ceda314ba95 Mon Sep 17 00:00:00 2001
From: Leonard O'Sullivan
Date: Fri, 27 Feb 2026 10:00:35 +1000
Subject: [PATCH 1/2] ci: fix checks and ruleset configuration
- Remove push-to-main trigger from precommit (pointless after merge)
- Remove useless release-please skip conditions from all workflows (GITHUB_TOKEN PRs don't trigger workflows anyway)
- Remove integration-test from required checks (via API)
- Remove OrganizationAdmin bypass, narrow admin to pull_request mode
- Add Go Tests badge to README
Co-Authored-By: Claude Opus 4.6
---
 .github/workflows/go-tests.yml | 2 --
 .github/workflows/integration-tests.yml | 6 ++----
 .github/workflows/precommit.yml | 9 ---------
 README.md | 2 ++
 4 files changed, 4 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index 69e5ea5..401ccda 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -14,8 +14,6 @@ permissions:
 jobs:
 go-test:
- # Skip for release-please PRs (skipped jobs report as "success" for required checks)
- if: github.event_name == 'push' || !startsWith(github.head_ref, 'release-please--')
 runs-on: ubuntu-latest
 defaults:
 run:
diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml
index 6c341ae..a8ba9d0 100644
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/integration-tests.yml
@@ -15,11 +15,9 @@ permissions:
 jobs:
 integration-test:
- # Skip for release-please PRs; only run on label or manual dispatch
 if: >-
- !startsWith(github.head_ref || '', 'release-please--') &&
- (github.event_name == 'workflow_dispatch' ||
- github.event.label.name == 'integration-test')
+ github.event_name == 'workflow_dispatch' ||
+ github.event.label.name == 'integration-test'
 runs-on: ubuntu-latest
 timeout-minutes: 15
 environment: integration
diff --git a/.github/workflows/precommit.yml b/.github/workflows/precommit.yml
index ae6551d..c6c4296 100644
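Review bot: In `.github/workflows/integration-tests.yml` the new `if:` on `integration-test` tests only `github.event.label.name`, which is populated on `unlabeled` events as well as `labeled` ones, so removing the `integration-test` label would also satisfy it if the workflow's `on:` types include `unlabeled` (the trigger block is outside this hunk). Because the job binds to `environment: integration`, the label is the only gate visible here in front of that environment, so I would pin the action explicitly: `github.event_name == 'workflow_dispatch' || (github.event.action == 'labeled' && github.event.label.name == 'integration-test')`. The commit also drops the comment that recorded the label-or-dispatch intent; a one-line replacement such as `# Runs only on manual dispatch or when the integration-test label is applied` would keep that visible. The job body continues past the end of the hunk.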
--- a/.github/workflows/precommit.yml
+++ b/.github/workflows/precommit.yml
@@ -2,21 +2,12 @@ name: Pre-commit
 on:
 pull_request:
- push:
- branches: [main]
- paths:
- - "*.tf"
- - "cmd/lambda/**"
- - ".pre-commit-config.yaml"
- - ".terraform-docs.yml"
 permissions:
 contents: read
 jobs:
 precommit:
- # Skip for release-please PRs (skipped jobs report as "success" for required checks)
- if: github.event_name == 'push' || !startsWith(github.head_ref, 'release-please--')
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
diff --git a/README.md b/README.md
index cf65825..c325eda 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,7 @@
 # nat-zero
+[![Go Tests](https://github.com/MachineDotDev/nat-zero/actions/workflows/go-tests.yml/badge.svg?branch=main)](https://github.com/MachineDotDev/nat-zero/actions/workflows/go-tests.yml)
+
 **Scale-to-zero NAT instances for AWS.** Stop paying for NAT when nothing is running. nat-zero is a Terraform module that replaces always-on NAT with on-demand NAT instances. When a workload launches in a private subnet, a NAT instance starts automatically. When the last workload stops, the NAT shuts down and its Elastic IP is released. Idle cost: ~$0.80/month per AZ.
From 412d89d36caa87ab323cc7b25f337d493c84b78f Mon Sep 17 00:00:00 2001
From: Leonard O'Sullivan
Date: Fri, 27 Feb 2026 11:36:47 +1000
Subject: [PATCH 2/2] ci: trigger go-tests when workflow file is edited
Co-Authored-By: Claude Opus 4.6
---
 .github/workflows/go-tests.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index 401ccda..827b23b 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -4,10 +4,12 @@ on:
 pull_request:
 paths:
 - "cmd/lambda/**"
+ - ".github/workflows/go-tests.yml"
 push:
 branches: [main]
 paths:
 - "cmd/lambda/**"
+ - ".github/workflows/go-tests.yml"
 permissions:
 contents: read
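Review bot: In the PATCH 2/2 hunk for `.github/workflows/go-tests.yml`, the `paths:` filter under `pull_request` still means `go-test` never reports on pull requests that touch neither `cmd/lambda/**` nor this workflow file, and GitHub leaves a path-skipped required check pending rather than passing. If the ruleset still lists `go-test` as required (the ruleset is not part of this diff; patch 1 only mentions removing integration-test), such pull requests could merge only through the admin bypass, which would make the bypass routine. Consider keeping the path filter on `push` only and letting the job run on every pull request, or record the decision above `paths:` with a comment such as `# go-test is path-filtered and must not be a required check`.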