Skip to content

Commit

Permalink
Backport of ci: update the security-scanner gha token into release/1.…
Browse files Browse the repository at this point in the history
…5.x (#623)

* Update security-scan.yml

---------

Co-authored-by: Deniz Onur Duzgun <[email protected]>
  • Loading branch information
1 parent 6c9d1fc commit e83b479
Showing 1 changed file with 5 additions and 7 deletions.
12 changes: 5 additions & 7 deletions .github/workflows/security-scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,20 +9,19 @@ on:
branches:
- main
- release/**
paths-ignore:
- '_doc/**'
- '.changelog/**'

# cancel existing runs of the same workflow on the same ref
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
cancel-in-progress: true

jobs:
conditional-skip:
uses: ./.github/workflows/reusable-conditional-skip.yml

get-go-version:
# Cascades down to test jobs
needs: [conditional-skip]
if: needs.conditional-skip.outputs.skip-ci != 'true'
uses: ./.github/workflows/reusable-get-go-version.yml

scan:
Expand All @@ -46,8 +45,7 @@ jobs:
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
repository: hashicorp/security-scanner
#TODO: replace w/ HASHIBOT_PRODSEC_GITHUB_TOKEN once provisioned
token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
token: ${{ secrets.PRODSEC_SCANNER_READ_ONLY }}
path: security-scanner
ref: main

Expand All @@ -66,4 +64,4 @@ jobs:
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@c4fb451437765abf5018c6fbf22cce1a7da1e5cc # codeql-bundle-v2.17.1
with:
sarif_file: results.sarif
sarif_file: results.sarif

0 comments on commit e83b479

Please sign in to comment.