Fossa scanning workflow (4.x) (#1578)

jdonenine · web-flow · commit d954af9d59c6 · 2022-01-05T13:07:14.000-06:00
diff --git a/.github/workflows/dep-lic-scan.yaml b/.github/workflows/dep-lic-scan.yaml
@@ -0,0 +1,23 @@
+name: Dependency and License Scan
+on:
+  push:
+    branches:
+      - '4.x'
+      - '3.x'
+    paths-ignore:
+      - 'manual/**'
+      - 'faq/**'
+      - 'upgrade_guide/**'
+      - 'changelog/**'
+jobs:
+  scan-repo:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v2
+      - name: Install Fossa CLI
+        run: |
+          curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash -s -- -b .
+      - name: Scan for dependencies and licenses
+        run: |
+          FOSSA_API_KEY=${{ secrets.FOSSA_PUSH_ONLY_API_KEY }} ./fossa analyze
