Diffstat (limited to '.github/workflows')
| -rw-r--r-- | .github/workflows/fossier-scan.yml | 51 | ||||
| -rw-r--r-- | .github/workflows/fossier.yml | 26 |
2 files changed, 77 insertions, 0 deletions
diff --git a/.github/workflows/fossier-scan.yml b/.github/workflows/fossier-scan.yml
new file mode 100644
index 00000000..784ab36c
--- /dev/null
+++ b/.github/workflows/fossier-scan.yml
@@ -0,0 +1,51 @@
+name: Fossier Scan All PRs
+
+on:
+ workflow_dispatch:
+ inputs:
+ dry-run:
+ description: "Dry run - evaluate but don't take actions"
+ type: boolean
+ default: false
+
+permissions:
+ contents: read
+ pull-requests: write
+ issues: write
+
+jobs:
+ scan:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up uv
+ uses: astral-sh/setup-uv@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: "3.13"
+
+ - name: Install fossier
+ run: uv pip install --system .
+
+ - name: Restore DB cache
+ uses: actions/cache@v4
+ with:
+ path: .fossier.db
+ key: fossier-db-${{ github.repository }}
+ restore-keys: |
+ fossier-db-${{ github.repository }}
+
+ - name: Scan open PRs
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ FLAGS="--format table"
+ if [ "${{ inputs.dry-run }}" = "true" ]; then
+ FLAGS="$FLAGS --dry-run"
+ else
+ FLAGS="$FLAGS --execute"
+ fi
+ fossier scan $FLAGS
diff --git a/.github/workflows/fossier.yml b/.github/workflows/fossier.yml
new file mode 100644
index 00000000..ff60125b
--- /dev/null
+++ b/.github/workflows/fossier.yml
@@ -0,0 +1,26 @@
+name: Fossier PR Check
+on:
+ pull_request_target:
+ types: [opened, synchronize]
+
+permissions:
+ pull-requests: write
+ issues: write
+
+jobs:
+ check:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: PThorpe92/fossier@main
+ id: fossier
+ with:
+ contact-url: "https://discord.gg/Fq8bJSKPHh"
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ # Optional: connect to the global spam registry
+ # registry-api-key: ${{ secrets.FOSSIER_REGISTRY_API_KEY }}
+
+ - name: Handle result
+ if: steps.fossier.outputs.outcome == 'deny'
+ run: echo "PR denied with score ${{ steps.fossier.outputs.score }}"
|
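Review bot: The `Restore DB cache` step in fossier-scan.yml uses a fixed `key` (`fossier-db-${{ github.repository }}`), and actions/cache does not save again when the primary key hits exactly, so after the first run `.fossier.db` would keep being restored from the same snapshot and anything `fossier scan` writes to it later would be dropped; the identical `restore-keys` entry adds nothing. If the DB is meant to carry state between scans, a per-run key such as `key: fossier-db-${{ github.repository }}-${{ github.run_id }}` with `restore-keys: fossier-db-${{ github.repository }}-` lets each run save and the next one restore the newest copy. Separately, in `Scan open PRs` the `${{ inputs.dry-run }}` expression is expanded into the script text before the shell runs; it is a boolean here, but passing it as `DRY_RUN: ${{ inputs.dry-run }}` under `env:` and testing `"$DRY_RUN"` keeps template expansion out of the script.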
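Review bot: `uses: PThorpe92/fossier@main` in fossier.yml tracks a mutable branch inside a `pull_request_target` workflow, so whatever is on that branch at run time executes with the `pull-requests: write` / `issues: write` token passed through `github-token`, including on pull requests from forks. Pinning to a full commit SHA, e.g. `uses: PThorpe92/fossier@<full-commit-sha>  # <release tag>` (placeholder), makes the code that receives the token fixed and reviewable; the tag-pinned actions in fossier-scan.yml would benefit from the same treatment. The `actions/checkout@v4` step checks out the base ref by default under this trigger, which is the safe behaviour, so a comment such as `# base ref only - never check out the PR head in this workflow` together with `persist-credentials: false` would protect that property against a later edit. In `Handle result`, `${{ steps.fossier.outputs.score }}` is expanded directly into the shell line; passing it through `env:` avoids script injection should that output ever carry PR-derived text.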
