Backport of ci: update the security-scanner gha token into release/1.…

…1.x (#4329) * no-op commit due to failed cherry-picking * Update security-scan.yml --------- Co-authored-by: temp <[email protected]> Co-authored-by: Deniz Onur Duzgun <[email protected]>
hashicorp · Sep 26, 2024 · 8819d3a · 8819d3a
1 parent 494975f
commit 8819d3a
Showing 1 changed file with 5 additions and 7 deletions.
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -9,20 +9,19 @@ on:
     branches:
       - main
       - release/**
+    paths-ignore:
+      - 'assets/**'
+      - '.changelog/**'
 
 # cancel existing runs of the same workflow on the same ref
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
   cancel-in-progress: true
 
 jobs:
-  conditional-skip:
-    uses: ./.github/workflows/reusable-conditional-skip.yml
 
   get-go-version:
     # Cascades down to test jobs
-    needs: [ conditional-skip ]
-    if: needs.conditional-skip.outputs.skip-ci != 'true'
     uses: ./.github/workflows/reusable-get-go-version.yml
 
   scan:
@@ -46,8 +45,7 @@ jobs:
         uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
         with:
           repository: hashicorp/security-scanner
-          #TODO: replace w/ HASHIBOT_PRODSEC_GITHUB_TOKEN once provisioned
-          token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+          token: ${{ secrets.PRODSEC_SCANNER_READ_ONLY }}
           path: security-scanner
           ref: main
 
@@ -66,4 +64,4 @@ jobs:
       - name: Upload SARIF file
         uses: github/codeql-action/upload-sarif@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # codeql-bundle-v2.17.2
         with:
-          sarif_file: results.sarif
+          sarif_file: results.sarif