Add FOSSA scanning workflow #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: FOSSA Scanning | |
| on: | |
| push: | |
| branches: ["main", "master", "release/**"] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| id-token: write | |
| jobs: | |
| fossa-scanning: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| # The FOSSA token is shared between all repos in Rancher's GH org. It can be | |
| # used directly and there is no need to request specific access to EIO. | |
| - name: Read FOSSA token | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/org/rancher/fossa/push token | FOSSA_API_KEY_PUSH_ONLY | |
| - name: FOSSA scan | |
| uses: fossas/fossa-action@main | |
| with: | |
| api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }} | |
| # Only runs the scan and do not provide/returns any results back to the | |
| # pipeline. | |
| run-tests: false |