From 8819d3aebca68b5a4031b2ab96f262dd2ca01943 Mon Sep 17 00:00:00 2001
From: hc-github-team-consul-core
Date: Thu, 26 Sep 2024 15:59:59 -0400
Subject: [PATCH] Backport of ci: update the security-scanner gha token into release/1.1.x (#4329)

* no-op commit due to failed cherry-picking

* Update security-scan.yml

---------

Co-authored-by: temp
Co-authored-by: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>
---
 .github/workflows/security-scan.yml | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index c2ae3f0a2b..8e28a0f58c 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -9,6 +9,9 @@ on:
 branches:
 - main
 - release/**
+ paths-ignore:
+ - 'assets/**'
+ - '.changelog/**'
 # cancel existing runs of the same workflow on the same ref
 concurrency:
@@ -16,13 +19,9 @@ concurrency:
 cancel-in-progress: true
 jobs:
- conditional-skip:
- uses: ./.github/workflows/reusable-conditional-skip.yml
 get-go-version:
 # Cascades down to test jobs
- needs: [ conditional-skip ]
- if: needs.conditional-skip.outputs.skip-ci != 'true'
 uses: ./.github/workflows/reusable-get-go-version.yml
 scan:
@@ -46,8 +45,7 @@ jobs:
 uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
 with:
 repository: hashicorp/security-scanner
- #TODO: replace w/ HASHIBOT_PRODSEC_GITHUB_TOKEN once provisioned
- token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+ token: ${{ secrets.PRODSEC_SCANNER_READ_ONLY }}
 path: security-scanner
 ref: main
@@ -66,4 +64,4 @@ jobs:
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # codeql-bundle-v2.17.2
 with:
- sarif_file: results.sarif
\ No newline at end of file
+ sarif_file: results.sarif
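Review bot: The new `paths-ignore` filter means a pull request or push touching only `assets/**` or `.changelog/**` no longer produces a run of this workflow at all, whereas the `conditional-skip` job removed in the next hunk produced a completed run whose downstream jobs were skipped; if `scan` is listed as a required status check in branch protection, such PRs will wait on a check that is never reported. That depends on repository settings not visible here, so please confirm, or keep a skip-job approach for whichever job is required. The enclosing `on:` block starts outside the hunk, so it is also not visible whether this filter attaches to `push`, `pull_request`, or both.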
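Review bot: With `needs: [ conditional-skip ]` and the `if:` removed from `get-go-version`, the comment `# Cascades down to test jobs` on the line above appears to describe a skip condition that no longer exists; drop it, or reword it to say what the job still provides to its dependents. The `scan:` job begins at the end of this hunk and its body is outside it, so please also confirm that nothing there still references `needs.conditional-skip`, which would now fail workflow validation since that job is gone.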
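Review bot: The checkout step now receives `secrets.PRODSEC_SCANNER_READ_ONLY`, but `actions/checkout` defaults `persist-credentials` to `true`, so the token is written into the git config under `security-scanner/` and stays readable by later steps in the job; since the scanner is only read here, add `persist-credentials: false` under `with:`. Moving to a read-only secret is the right direction, and dropping persistence makes it least-privilege in duration as well as scope. Separately, the tool is checked out at `ref: main` while the actions themselves are SHA-pinned; that line is unchanged by this commit, but pinning the scanner to a commit would give the scan the same supply-chain protection as the rest of the workflow.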