From a4aa7449624c2dca951402108473cdb91324c4a6 Mon Sep 17 00:00:00 2001
From: Thomas Leplus <thomasleplus@users.noreply.github.com>
Date: Sun, 5 May 2024 12:44:01 -0300
Subject: [PATCH] Switch to GitHub action

---
 .github/workflows/osv-scanner.yml | 62 +++++++++++++++++++++----------
 1 file changed, 42 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
index 0844e8b..8623de9 100644
--- a/.github/workflows/osv-scanner.yml
+++ b/.github/workflows/osv-scanner.yml
@@ -1,27 +1,49 @@
 ---
-name: "OSV Scanner"
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# A sample workflow which sets up periodic OSV-Scanner scanning for vulnerabilities,
+# in addition to a PR check which fails if new vulnerabilities are introduced.
+#
+# For more examples and options, including how to ignore specific vulnerabilities,
+# see https://google.github.io/osv-scanner/github-action/
+
+name: OSV-Scanner
 
 on:
+  pull_request:
+    branches: [ "main" ]
+  merge_group:
+    branches: [ "main" ]
   schedule:
-  - cron: '0 0 * * 0'
-  workflow_dispatch:
+    - cron: '0 0 * * 0'
+  push:
+    branches: [ "main" ]
 
-permissions: {}
+permissions:
+  # Require writing security events to upload SARIF file to security tab
+  security-events: write
+  # Read commit contents
+  contents: read
 
 jobs:
-
-  check:
-    name: Check with OSV Scanner
-    runs-on: ubuntu-latest
-    steps:
-    - name: Check out
-      uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
-    - name: Set up Go
-      uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
-      with:
-        go-version: 'stable'
-        check-latest: true
-    - name: Install OSV Scanner
-      run: go install github.com/google/osv-scanner/cmd/osv-scanner@v1
-    - name: OSV Scanner
-      run: 'PATH="${PATH}:$(go env GOPATH)/bin" osv-scanner -r .'
+  scan-scheduled:
+    if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78" # v1.7.1
+    with:
+      # Example of specifying custom arguments
+      scan-args: |-
+        -r
+        --skip-git
+        ./
+  scan-pr:
+    if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78" # v1.7.1
+    with:
+      # Example of specifying custom arguments
+      scan-args: |-
+        -r
+        --skip-git
+        ./
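Review bot: The workflow-level `permissions:` block that replaces `permissions: {}` makes `security-events: write` the default for every job in this file, including any job added later, rather than only the two jobs that upload SARIF. Keeping `permissions: {}` at the top and granting `security-events: write` and `contents: read` on `scan-scheduled` and `scan-pr` individually gives the same effective rights today while preserving the deny-by-default baseline the old file had. Separately, `workflow_dispatch:` is removed from `on:` and the commit message does not say whether that is intended; if on-demand scans are still wanted, keep the trigger and add `github.event_name == 'workflow_dispatch'` to the `if:` of `scan-scheduled`.

```yaml
permissions: {}

jobs:
  scan-scheduled:
    # … unchanged: if / uses …
    permissions:
      # Upload SARIF results to the security tab
      security-events: write
      # Read commit contents
      contents: read
    # … unchanged: with / scan-args …
  scan-pr:
    # … unchanged: if / uses …
    permissions:
      security-events: write
      contents: read
    # … unchanged: with / scan-args …
```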