jaeger/.github/workflows/fossa.yml at 5f6cfc180955593c826f81104e81120975ac088f · jaegertracing/jaeger · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
name: FOSSA

on:
  workflow_call:

# See https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
permissions:
  contents: read

jobs:
  fossa-license-scan:
    runs-on: ubuntu-latest

    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0

      - uses: ./.github/actions/setup-go
        with:
          go-version: 1.26.x

      - name: Add GOPATH
        run: |
          echo "GOPATH=$(go env GOPATH)"
          echo "GOPATH=$(go env GOPATH)" >>"$GITHUB_ENV"
          echo "$GOPATH/bin" >>"$GITHUB_PATH"

      - name: Run FOSSA scan and upload report
        uses: fossa-contrib/fossa-action@3d2ef181b1820d6dcd1972f86a767d18167fa19b # v3.0.1
        with:
          # FOSSA Push-Only API Token
          fossa-api-key: 304657e2357ba57b416b94e6b119131b
          github-token: ${{ github.token }}