security-scan.yml
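# Scans the repository on every pull request and, when dispatched manually
# with a release tag, the release assets published under that tag.
name: Security Scan

on:
  pull_request:
  workflow_dispatch:
    inputs:
      tag:
        description: "The tagged release to check"
        required: true

# Least privilege for the job token: the steps in this workflow only check out
# code and download release assets, so read access to contents is enough.
permissions:
  contents: read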
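jobs:
  # No `if:` guard, so this job runs for pull requests and manual dispatches.
  # It scans the checked-out tree, including recursively fetched submodules.
  scan_repository:
    name: Scan repository
    runs-on: ubuntu-latest
    steps:
      - name: Checkout project
        uses: actions/checkout@v4
        with:
          submodules: recursive
          # Do not leave the job token in the local git config: the next step
          # runs a third-party action over this checkout.
          persist-credentials: false
      # NOTE(review): this third-party action is referenced by a mutable tag.
      # Pin it to a full-length commit SHA (keep the version as a trailing
      # comment) so a moved tag cannot change what runs here.
      - name: Scan assets
        uses: hugoalh/scan-virus-ghaction@v0.20.1
        with:
          found_summary: true
          statistics_summary: true

  scan_asset:
    name: Scan release assets
    runs-on: ubuntu-latest
    # Only runs when a `tag` input was supplied (workflow_dispatch); on pull
    # requests the input is empty and only the repository job above runs.
    # The steps need no guard of their own: this job-level condition already
    # covers them.
    if: ${{ github.event.inputs.tag != '' }}
    steps:
      # NOTE(review): third-party action referenced by a mutable tag; pin to a
      # full-length commit SHA as for the scanner action.
      # `tag` is passed as an action input, not interpolated into a shell
      # script, so the dispatch value never reaches a `run:` command line.
      - name: Download assets (Specific Tag)
        uses: robinraju/release-downloader@v1.11
        with:
          tag: ${{ github.event.inputs.tag }}
          extract: true
          fileName: "godot-orchestrator*plugin.zip"
      # NOTE(review): same mutable-tag reference as in scan_repository; pin
      # both uses of the scanner to the same commit SHA.
      - name: Scan assets
        uses: hugoalh/scan-virus-ghaction@v0.20.1
        with:
          found_summary: true
          statistics_summary: true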