---
# Static-analysis (Checkmarx) and code-quality (Sonar) scans for pull requests.
# Both scan jobs are delegated to reusable workflows in bitwarden/gh-actions.
name: Scan Pull Requests

on:
  workflow_dispatch:
  # PRs whose base branch is anything other than main.
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
    branches-ignore:
      - main
  # PRs whose base branch is main. pull_request_target runs in the context of
  # the base repository, so repository secrets are available even when the PR
  # comes from a fork. The zizmor finding for this trigger is suppressed below.
  # NOTE(review): the safety of that suppression presumably rests on the
  # `check-run` job gating the scan jobs; its logic is not visible in this
  # file, so confirm it before relying on it.
  pull_request_target: # zizmor: ignore[dangerous-triggers]
    types:
      - opened
      - synchronize
      - reopened
    branches:
      - main

# Deny every GITHUB_TOKEN scope by default; each job grants only what it lists.
permissions: {}

# NOTE(review): all three reusable workflows are referenced at the mutable ref
# `@main`. Whatever is on that branch at run time executes with the secrets and
# token scopes granted below. Pinning each `uses:` to a full commit SHA
# (e.g. `@<FULL_COMMIT_SHA>  # main`) would make the called code immutable.
jobs:
  check-run:
    name: Check PR run
    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
    permissions:
      contents: read

  sast:
    name: Checkmarx
    uses: bitwarden/gh-actions/.github/workflows/_checkmarx.yml@main
    # Runs only after check-run has succeeded.
    needs: check-run
    # Only the three Azure identifiers are forwarded (no `secrets: inherit`).
    secrets:
      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
    permissions:
      contents: read
      pull-requests: write
      # Presumably needed to upload scan results to code scanning; confirm
      # against the called workflow.
      security-events: write
      # Lets the job request an OIDC token; presumably used for federated
      # login to Azure with the identifiers above. Confirm in the callee.
      id-token: write

  quality:
    name: Sonar
    uses: bitwarden/gh-actions/.github/workflows/_sonar.yml@main
    # Runs only after check-run has succeeded.
    needs: check-run
    # Only the three Azure identifiers are forwarded (no `secrets: inherit`).
    secrets:
      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
    permissions:
      contents: read
      pull-requests: write
      # Lets the job request an OIDC token; presumably used for federated
      # login to Azure with the identifiers above. Confirm in the callee.
      id-token: write