diff --git a/.github/workflows/frogbot-scan-pull-request.yml b/.github/workflows/frogbot-scan-pull-request.yml
deleted file mode 100644
index 00ce181..0000000
--- a/.github/workflows/frogbot-scan-pull-request.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: "Frogbot Scan Pull Request"
-on:
- pull_request_target:
- types: [opened, synchronize]
-permissions:
- pull-requests: write
- contents: read
- # [Mandatory If using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
- id-token: write
-jobs:
- scan-pull-request:
- runs-on: ubuntu-latest-4-cores
- # container:
- # # Official .NET SDK image with python3-virtualenv package installed. One-time manual creation.
- # image: azuekubeacr03.azurecr.io/dotnet/sdk-python3-virtualenv:9.0.201-noble-amd64
- # A pull request needs to be approved before Frogbot scans it. Any GitHub user who is associated with the
- # "frogbot" GitHub environment can approve the pull request to be scanned.
- # environment: frogbot
- steps:
- - uses: jfrog/frogbot@v2
- env:
- # [Mandatory]
- # JFrog platform URL
- # Temporary JFrog SaaS instance, hosted by JFrog for new feature evaluation.
- # Accessible from GitHub-hosted runners.
- JF_URL: https://ansyscpp.jfrog.io/
-
- # [Mandatory if JF_USER and JF_PASSWORD are not provided]
- # JFrog access token with 'read' permissions on Xray service
- # JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
-
- # [Mandatory if JF_ACCESS_TOKEN is not provided]
- # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
- # JF_USER: ${{ secrets.JF_USER }}
-
- # [Mandatory if JF_ACCESS_TOKEN is not provided]
- # JFrog password. Must be provided with JF_USER
- # JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
-
- # [Mandatory]
- # The GitHub token is automatically generated for the job
- JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- # [Mandatory if using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
- # Insert to oidc-provider-name the 'Provider Name' defined in the OIDC integration configured in the JPD
- # OIDC identiy mappings are defined in JFrog Platform administration -> General Management -> Manage Integrations
- with:
- oidc-provider-name: "github-actions-oidc"
- oidc-audience: GitHub ansys-internal CI/CD Pipelines
\ No newline at end of file
diff --git a/.github/workflows/frogbot-scan-repository.yml b/.github/workflows/frogbot-scan-repository.yml
index 360486a..f27b00b 100644
--- a/.github/workflows/frogbot-scan-repository.yml
+++ b/.github/workflows/frogbot-scan-repository.yml
@@ -1,15 +1,24 @@
 name: "Frogbot Scan Repository"
-on:
- workflow_dispatch:
+on:
+ pull_request_target:
+ # Triggers scan-pr flow for every opened/updated pull request
+ types: [opened, synchronize]
+ push:
+ # Triggers scan-repo flow for every push to the specified branches
+ branches:
+ - main
 schedule:
- # The repository will be scanned once a day at 00:00 GMT.
- - cron: "0 0 * * *"
+ # The repository will be scanned every Monday at 00:00 GMT (Can be change according to your needs).
+ - cron: "0 0 * * 1"
+ workflow_dispatch: # The repository will be scanned on demand
+
 permissions:
 contents: write
 pull-requests: write
 security-events: write
 # [Mandatory If using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
 id-token: write
+
 jobs:
 scan-repository:
 runs-on: ubuntu-latest-4-cores
@@ -52,4 +61,4 @@ jobs:
 # Insert to oidc-provider-name the 'Provider Name' defined in the OIDC integration configured in the JPD
 with:
 oidc-provider-name: "github-actions-oidc"
- oidc-audience: GitHub ansys-internal CI/CD Pipelines
\ No newline at end of file
+ oidc-audience: GitHub ansys-internal CI/CD Pipelines
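Review bot: Adding `pull_request_target` to the `on:` block of `frogbot-scan-repository.yml` means pull-request runs, including those opened from forks, now execute under this file's workflow-level `permissions:` (`contents: write`, `security-events: write`, `id-token: write`), whereas the deleted `frogbot-scan-pull-request.yml` limited them to `contents: read` and `pull-requests: write` plus the OIDC token. Because `pull_request_target` runs with the base repository's token while Frogbot processes the pull request's code, the PR path should keep the narrower grant: set the workflow default to `permissions: {}` and split the job in two, selected by `github.event_name`, each with its own job-level `permissions:`. The `scan-repository` job body continues outside the hunk, so whether the `environment: frogbot` approval gate is active there cannot be seen from here; it was commented out in the deleted workflow and is worth enabling on the PR job.

```yaml
permissions: {}

jobs:
  scan-pull-request:
    if: github.event_name == 'pull_request_target'
    permissions:
      contents: read
      pull-requests: write
      id-token: write
    runs-on: ubuntu-latest-4-cores
    # … unchanged: frogbot step …
  scan-repository:
    if: github.event_name != 'pull_request_target'
    permissions:
      contents: write
      pull-requests: write
      security-events: write
      id-token: write
    runs-on: ubuntu-latest-4-cores
    # … unchanged: frogbot step …
```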