adding example of not running on draft PRs

.github/templates/workflow-templates/build.yml

@@ -35,6 +35,7 @@ jobs: #This workflow contains the jobs "check-run", "lint", "build-artifacts", "
 
   lint:
     name: Lint
+    if: github.event.pull_request.draft == false # prevent part of a job from running on a draft PR
     runs-on: ubuntu-22.04
     needs:
       - check-run # This job will wait until check-run completes
@@ -57,9 +58,9 @@ jobs: #This workflow contains the jobs "check-run", "lint", "build-artifacts", "
     runs-on: ubuntu-22.04
     needs:
       - lint
-    strategy:
-      fail-fast: false
-      matrix:
+    strategy: # Create multiple job runs for each of a set of variables
+      fail-fast: false # If true, cancel entire run if any job in the matrix fails
+      matrix:  # Matrix of variables used to define multiple job runs
         include:
           - project_name: Admin
             base_path: ./src

.github/templates/workflow-templates/scan.yml

@@ -44,11 +44,12 @@ jobs:
     steps:
       - name: Check out repo
         # Always pin a public action version to a full git SHA.  Version pins are insecure and can introduce vulnerabilities into workflows.
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2  
         with: # Parameters specific to this action that need to be defined in order for the step to be completed
           ref: ${{  github.event.pull_request.head.sha }}
 
       - name: Scan with Checkmarx
+        if: github.event.pull_request.draft == false # prevent part of a job from running on a draft PR
         uses: checkmarx/ast-github-action@f0869bd1a37fddc06499a096101e6c900e815d81 # 2.0.36
         env: # Environment variables set for this step but not accessible by all workflows, steps or jobs.
           INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"