separate scheduled and pr-bound actions

2021-02-18 13:01:48 +13:00 · 2021-02-18 13:01:48 +13:00 · 74cc099260
parent 0cccfb540c
commit 74cc099260
2 changed files with 29 additions and 3 deletions
--- a/.github/workflows/pr-security.yml
+++ b/.github/workflows/pr-security.yml
@ -0,0 +1,27 @@
+on:
+  pull_request:
+    branches: [develop, release/**]
+  workflow_dispatch:
+
+jobs:
+  client-dependencies:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/node@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+  server-dependencies:
+    name: Scan server dependencies
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+      NANCY_VERSION: v1.0.11
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v2
+      - name: Download Nancy binary
+        run: curl -L "https://github.com/sonatype-nexus-community/nancy/releases/download/$NANCY_VERSION/nancy-$NANCY_VERSION-linux-amd64" -o nancy && chmod +x nancy
+      - name: Scan modules
+        run: cd api && go list -json -m all | ../nancy sleuth
--- a/.github/workflows/quality-scan.yml
+++ b/.github/workflows/quality-scan.yml
@ -1,8 +1,7 @@
 on:
-  push:
-    branches: [develop, release/**, feat/ce-220-security-scan]
+  # runs on default branch
  schedule:
-    - cron: "24 11 * * *"
+    - cron: "0 11 * * *"
  workflow_dispatch:

 jobs: