Merge pull request #351 from splunk/workflow-approval

Workflow approval

Author: foram-splunk

.github/workflows/ci_build_test.yaml

@@ -1,7 +1,7 @@
 name: CI Build Test
 
 on:
-  pull_request:
+  pull_request_target:
     branches-ignore:
       - /^release\/.*/
       - master
@@ -16,9 +16,19 @@ on:
         required: true
 
 jobs:
+  workflow_approval:
+    name: Approve workflow
+    runs-on: ubuntu-20.04
+    environment: workflow-approval
+    steps:
+      - name: Approve workflow
+        run: echo For security reasons, all pull requests need to be approved first before running any automated CI.
+
   fossa-scan:
     continue-on-error: true
     runs-on: ubuntu-latest
+    needs:
+      - workflow_approval
     steps:
       - uses: actions/checkout@v3
       - name: run fossa anlyze and create report
@@ -41,6 +51,8 @@ jobs:
 
   semgrep:
     runs-on: ubuntu-latest
+    needs:
+      - workflow_approval
     name: security-sast-semgrep
     if: github.actor != 'dependabot[bot]'
     steps:
@@ -54,6 +66,8 @@ jobs:
   build-unit-test:
     name: build and run unit test
     runs-on: ubuntu-20.04
+    needs:
+      - workflow_approval
     steps:
       - name: Checkout
         uses: actions/checkout@v2