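---
# onemedical/<repo>/.github/workflows/pr-security.yaml
#
# This is the workflow for distribution to repositories across the organization.
# It will call the reusable PR security workflow, and run scans against each PR.
name: PR Security

# Triggers: pull requests that target `main` or `master`, and pushes to the
# temporary `gh-readonly-queue/` branches that the merge queue creates.
# NOTE(review): the push filter lists only `gh-readonly-queue/master/**`; a
# repository whose protected branch is `main` would not match it. Confirm
# that this is intended.
# yamllint disable-line rule:truthy
on:
  pull_request:
    branches: [main, master]
  push:
    branches:
      - gh-readonly-queue/master/**

# Scopes granted to GITHUB_TOKEN for this run. Scopes not listed here are set
# to none, and a called reusable workflow cannot raise them, so this block is
# the upper bound for everything the scan jobs can do with the token.
permissions:
  # Required for workflows in private repositories.
  contents: read
  # Required to write summary PR comments of results.
  pull-requests: write
  # Required for SARIF results upload to GHAS.
  security-events: write
  # NOTE(review): no reason is recorded for this scope. Presumably it is
  # needed by the SARIF upload in private repositories; confirm against the
  # called workflow.
  actions: read

jobs:
  # Run the reusable workflow.
  run-workflow:
    name: Run Workflow
    # NOTE(review): `@main` is a mutable ref. Any change merged to that branch
    # takes effect in every repository carrying this file, with the token
    # scopes above and the inherited secrets, and without a change here.
    # Pinning to a full commit SHA makes scanner updates an explicit,
    # reviewable change.
    # yamllint disable-line rule:line-length
    uses: onemedical/github-reusable-workflows/.github/workflows/reusable-pr-security.yaml@main
    # `inherit` makes all of the caller's secrets available to the called
    # workflow. If it only needs a few, naming them in a `secrets:` mapping
    # narrows the exposure (the required set is not visible from this file).
    #
    # The detect-secrets tool is used in some repositories, and generates false
    # positives like the one below. Add comment to ignore.
    secrets: inherit  # pragma: allowlist secret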