Backport of ci: update the security-scanner gha token into release/1.…

…5.x (#4332) * no-op commit due to failed cherry-picking * Update security-scan.yml --------- Co-authored-by: temp <[email protected]> Co-authored-by: Deniz Onur Duzgun <[email protected]>
hashicorp · Sep 26, 2024 · b1d8830 · b1d8830
1 parent f0b7355
commit b1d8830
Showing 1 changed file with 5 additions and 8 deletions.
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -9,20 +9,18 @@ on:
     branches:
       - main
       - release/**
+    paths-ignore:
+      - 'assets/**'
+      - '.changelog/**'
 
 # cancel existing runs of the same workflow on the same ref
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
   cancel-in-progress: true
 
 jobs:
-  conditional-skip:
-    uses: ./.github/workflows/reusable-conditional-skip.yml
-
   get-go-version:
     # Cascades down to test jobs
-    needs: [ conditional-skip ]
-    if: needs.conditional-skip.outputs.skip-ci != 'true'
     uses: ./.github/workflows/reusable-get-go-version.yml
 
   scan:
@@ -46,8 +44,7 @@ jobs:
         uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
         with:
           repository: hashicorp/security-scanner
-          #TODO: replace w/ HASHIBOT_PRODSEC_GITHUB_TOKEN once provisioned
-          token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+          token: ${{ secrets.PRODSEC_SCANNER_READ_ONLY }}
           path: security-scanner
           ref: main
 
@@ -66,4 +63,4 @@ jobs:
       - name: Upload SARIF file
         uses: github/codeql-action/upload-sarif@c4fb451437765abf5018c6fbf22cce1a7da1e5cc # codeql-bundle-v2.17.1
         with:
-          sarif_file: results.sarif
+          sarif_file: results.sarif