File tree Expand file tree Collapse file tree 3 files changed +5
-11
lines changed Expand file tree Collapse file tree 3 files changed +5
-11
lines changed Original file line number Diff line number Diff line change @@ -475,14 +475,13 @@ jobs:
475475# this is a call to a workflow_call
476476 pr-vendor-vulnerability-analysis :
477477 needs : modified-vendor-files
478- if : ${{ needs.modified-vendor-files.outputs.vendor-files == 'true' && github.event_name == 'pull_request'}}
478+ if : ${{ needs.modified-vendor-files.outputs.vendor-files == 'true' && github.event_name == 'pull_request' && github.repository == 'erlang/otp' }}
479479 permissions :
480- security-events : read
481- issues : write
480+ actions : read
482481 name : Vendor Vulnerability Scanning
483482 uses : ./.github/workflows/reusable-vendor-vulnerability-scanner.yml
484483 with :
485- fail_if_cve : false
484+ fail_if_cve : true
486485 checkout : true
487486 version : ${{ github.event_name == 'pull_request' && github.base_ref || github.ref_name }}
488487 # equivalent of ${{ env.BASE_BRANCH }} but reusable-workflows do not allow to pass env.
Original file line number Diff line number Diff line change 5757 type : ${{ fromJson(needs.schedule-scan.outputs.versions) }}
5858 fail-fast : false
5959 permissions :
60- security-events : read
61- issues : write
62- actions : write
63- contents : write
64- pull-requests : write
60+ actions : read
6561 steps :
6662 # this call to a workflow_dispatch ref=master is important because
6763 # using ref={{matrix.type}} would trigger the workflow
Original file line number Diff line number Diff line change 9292 env :
9393 GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
9494 permissions :
95- security-events : read
96- issues : write
95+ actions : read
9796 steps :
9897 -
uses :
actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/[email protected] 9998 with :
You can’t perform that action at this time.
0 commit comments