ci(octo-issue-feed): opt into webhook-only triage (enable_im_notify=f… #34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: OSV-Scanner | |
| on: | |
| pull_request: | |
| branches: [main] | |
| push: | |
| branches: [main] | |
| schedule: | |
| - cron: "30 4 * * 1" # Weekly Monday 04:30 UTC (12:30 CST) | |
| workflow_dispatch: | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| jobs: | |
| scan-scheduled: | |
| if: github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' | |
| uses: google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@9a498708959aeaef5ef730655706c5a1df1edbc2 # v2.3.8 | |
| with: | |
| scan-args: |- | |
| -r | |
| ./ | |
| scan-pr: | |
| if: github.event_name == 'pull_request' | |
| uses: google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@9a498708959aeaef5ef730655706c5a1df1edbc2 # v2.3.8 | |
| with: | |
| scan-args: |- | |
| -r | |
| ./ | |
| # Fork PRs have read-only GITHUB_TOKEN; skip SARIF upload to avoid | |
| # security-events:write permission failure. Scan still runs and | |
| # results are visible in the workflow output. | |
| upload-sarif: ${{ github.event.pull_request.head.repo.full_name == github.repository }} |