Merge pull request #453 from LiZhenCheng9527/security-readme #32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: FOSSA | |
on: | |
pull_request: | |
push: | |
jobs: | |
fossa: | |
name: FOSSA | |
# prevent job running from forked repository, otherwise | |
# 1. running on the forked repository would fail as missing necessary secret. | |
# 2. running on the forked repository would use unnecessary GitHub Action time. | |
if: ${{ github.repository == 'kurator-dev/kurator' }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout code | |
uses: actions/checkout@v3 | |
- name: Run FOSSA scan and upload build data | |
uses: fossas/fossa-action@v1 | |
with: | |
api-key: 52392c2ed6e57abf81790fb2d4ca15c1 # it's impossible to do with secrets when the workflow runs on the pull request event due to GitHub's constraints. |