Add FOSSA scanning workflow (#107) #1
```yaml
name: FOSSA Scanning
on:
  push:
    branches: ["main", "master", "v[0-9]+.[0-9]+"]
  workflow_dispatch:
permissions:
  contents: read
  id-token: write
jobs:
  fossa-scanning:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      - name: Checkout
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
      # The FOSSA token is shared between all repos in Harvester's GH org. It can
      # be used directly and there is no need to request specific access to EIO.
      - name: Read FOSSA token
        uses: rancher-eio/read-vault-secrets@main
        with:
          secrets: |
            secret/data/github/org/harvester/fossa/credentials token | FOSSA_API_KEY_PUSH_ONLY
      - name: FOSSA scan
        uses: fossas/fossa-action@main
        with:
          api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }}
          # Only runs the scan; it does not return any results to the pipeline.
          run-tests: false
```
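Review bot: `rancher-eio/read-vault-secrets@main` and `fossas/fossa-action@main` are referenced by a mutable branch, whereas `actions/checkout` in the same job is pinned to a full commit SHA with a `# v6` comment. Both steps handle the FOSSA token (one reads it from Vault, the other sends it to FOSSA), and the job also carries `id-token: write`, so a change pushed to either upstream `main` branch would run with those credentials without any change in this repository. Pin both to a full commit SHA with a version comment, matching the checkout step, and update them deliberately.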