Bump actions/checkout from 5 to 6 #231
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Black Duck Policy Check | |
| on: | |
| pull_request: | |
| pull_request_target: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| check_approvals: | |
| runs-on: ubuntu-latest | |
| # Run this job only if the following conditions are met: | |
| # 1. The pull request has the 'integration-test' label. | |
| # 2. The event is either: | |
| # a. A 'pull_request' event where the base and head repositories are the same (internal PR). | |
| # b. A 'pull_request_target' event where the base and head repositories are different (external PR). | |
| if: ${{ contains(github.event.pull_request.labels.*.name, 'integration-test') && | |
| (( github.event_name == 'pull_request' && github.event.pull_request.base.repo.clone_url == github.event.pull_request.head.repo.clone_url) || | |
| (github.event_name == 'pull_request_target' && github.event.pull_request.base.repo.clone_url != github.event.pull_request.head.repo.clone_url )) }} | |
| outputs: | |
| # Output the approval status for pull_request_target events, otherwise default to 'true' | |
| check_approvals: ${{ github.event_name == 'pull_request_target' && steps.check_approvals.outputs.check_approvals || 'true' }} | |
| # Output whether the PR is external | |
| external_pr: ${{ github.event.pull_request.base.repo.clone_url != github.event.pull_request.head.repo.clone_url }} | |
| steps: | |
| - name: Check integration test allowance status | |
| # Only run this step for pull_request_target events | |
| if: ${{ github.event_name == 'pull_request_target' }} | |
| id: check_approvals | |
| # Use an external action to check if the PR has the necessary approvals | |
| uses: nutanix-cloud-native/action-check-approvals@v1 | |
| security: | |
| needs: check_approvals | |
| if: ${{ (github.event_name == 'pull_request' && needs.check_approvals.outputs.external_pr == 'false') || (github.event_name == 'pull_request_target' && needs.check_approvals.outputs.external_pr == 'true' && needs.check_approvals.outputs.check_approvals == 'true') }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Black Duck Full Scan | |
| if: ${{ github.event_name != 'pull_request' }} | |
| uses: synopsys-sig/[email protected] | |
| env: | |
| DETECT_PROJECT_NAME: ${{ github.event.repository.name }} | |
| with: | |
| blackduck_url: ${{ secrets.BLACKDUCK_URL }} | |
| blackduck_token: ${{ secrets.BLACKDUCK_API_TOKEN }} | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| blackduck_scan_full: true | |
| blackduck_scan_failure_severities: 'BLOCKER,CRITICAL' | |
| - name: Black Duck PR Scan | |
| if: ${{ github.event_name == 'pull_request' }} | |
| uses: synopsys-sig/[email protected] | |
| env: | |
| DETECT_PROJECT_VERSION_NAME: ${{ github.base_ref }} | |
| DETECT_PROJECT_NAME: ${{ github.event.repository.name }} | |
| with: | |
| blackduck_url: ${{ secrets.BLACKDUCK_URL }} | |
| blackduck_token: ${{ secrets.BLACKDUCK_API_TOKEN }} | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| blackduck_scan_full: false | |
| blackduck_automation_prcomment: true |