# Scan workflow: runs the organisation's shared SAST (Checkmarx) and code
# quality (Sonar) reusable workflows. Both scan jobs wait on `check-run`.
name: Scan

on:
  # Manual runs from the Actions tab or the API.
  workflow_dispatch:
  push:
    branches:
      - "main"
  # PRs whose base branch is anything other than main.
  pull_request:
    types: [opened, synchronize, reopened]
    branches-ignore:
      - "main"
  # PRs whose base branch is main. Unlike `pull_request`, this event runs the
  # workflow definition from the base branch and makes repository secrets
  # available even for PRs from forks, so the called workflows must not build
  # or execute PR head code unless the run has been approved.
  # NOTE(review): `check-run` below presumably performs that approval gate;
  # its logic lives in bitwarden/gh-actions and is not visible here - confirm.
  pull_request_target:
    types: [opened, synchronize, reopened]
    branches:
      - "main"

# Deny-by-default: the GITHUB_TOKEN gets no scopes at workflow level, and each
# job below grants only what it lists.
permissions: {}

jobs:
  # NOTE(review): all three `uses:` lines reference the mutable `@main` ref.
  # The scan jobs hand over Azure identifiers and an OIDC-capable token, so a
  # change to `main` in bitwarden/gh-actions takes effect here without review
  # in this repository. Pinning to `@<full-commit-sha>` makes the called
  # workflow immutable.
  check-run:
    name: Check PR run
    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
    permissions:
      contents: read

  sast:
    name: Checkmarx
    uses: bitwarden/gh-actions/.github/workflows/_checkmarx.yml@main
    needs: check-run  # does not start unless check-run succeeds
    # Only the three named secrets are passed (no `secrets: inherit`).
    secrets:
      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
    # Upper bound on what the called workflow's GITHUB_TOKEN may do.
    permissions:
      contents: read
      pull-requests: write
      # Presumably for uploading scan results to code scanning - confirm.
      security-events: write
      # Lets the job request an OIDC token; presumably used for federated
      # login to Azure with the identifiers above - confirm in the callee.
      id-token: write

  quality:
    name: Sonar
    uses: bitwarden/gh-actions/.github/workflows/_sonar.yml@main
    needs: check-run  # does not start unless check-run succeeds
    # Only the three named secrets are passed (no `secrets: inherit`).
    secrets:
      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
    # Same grants as `sast` except security-events, which is not requested.
    permissions:
      contents: read
      pull-requests: write
      id-token: write