(maint) Add step to mend scan GHA to report any vulns found

Magisus · Magisus · commit 2f23b7f97ff8 · 2025-06-25T14:20:07.000-07:00
diff --git a/.github/workflows/mend.yml b/.github/workflows/mend.yml
@@ -4,6 +4,9 @@ on:
   push:
     branches:
       - main
+      - puppet8
+  pull_request:
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -37,3 +40,12 @@ jobs:
         WS_USERKEY: ${{ secrets.MEND_TOKEN }}
         WS_PRODUCTNAME: CD4PE
         WS_PROJECTNAME:  ${{ github.event.repository.name }}
+    - name: "report vulnerabilities"
+        id: vulnerabilities
+        uses: puppetlabs/get-mend-vulnerabilities@v2
+        with:
+          product_token: ${{ secrets.MEND_PRODUCT_TOKEN }}
+          product_display_name: "CD4PE"
+          user_token: ${{ secrets.MEND_TOKEN }}
+          fail_on_alert: "true"
+          projects: "puppet-dev-tools"
