Skip to content

forward-port PRs 11997 and 12018 (#12046) #329

forward-port PRs 11997 and 12018 (#12046)

forward-port PRs 11997 and 12018 (#12046) #329

Workflow file for this run

name: FOSSA Scanning
on:
# List the branches that must be scanned when a push event happens.
push:
branches: ["master", "release-*"]
# For manual scans.
workflow_dispatch:
permissions:
# Basic read access needed.
contents: read
# Required to authenticate in EIO's Vault.
id-token: write
jobs:
fossa-scanning:
# For when running in EIO's provided runners. More details are available in
# https://github.com/rancherlabs/eio/wiki/GitHub-Actions-Runners .
runs-on: org-${{ github.repository_owner_id }}-amd64-k8s
# Use the BCI Node.js container when running in EIO's provided runners,
# because the Node.js runtime is needed. If using public GH provided runners,
# a container isn't necessary, because they already provide the runtime, but
# the BCI image can still be used anyway.
container: registry.suse.com/bci/nodejs:20
steps:
- name: Checkout
uses: actions/checkout@v4
# The FOSSA token is shared between all repos in Rancher's GH org. It can
# be used directly and there is no need to request specific access to EIO.
- name: Read FOSSA token
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/org/rancher/fossa/push token | FOSSA_API_KEY_PUSH_ONLY
- name: FOSSA scan
uses: fossas/fossa-action@main
with:
api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }}
# Only runs the scan and do not provide/returns any results back to the
# pipeline.
run-tests: false