change trigger

open-component-model · Feb 27, 2025 · b4bd03e · b4bd03e
1 parent 01ac79e
commit b4bd03e
Showing 1 changed file with 13 additions and 39 deletions.
diff --git a/.github/workflows/blackduck_scan.yaml b/.github/workflows/blackduck_scan.yaml
@@ -1,11 +1,11 @@
 name: Blackduck SCA Scan
 on:
-  #push:
-  #  branches: [ "main" ]
-  #pull_request:
-  #  branches: [ "main" ]
+  push:
+    branches: [ "main" ]
+  pull_request_target:
+    branches: [ "main" ]
   schedule:
-    - cron:  '5 0 * * 0'
+    - cron:  '1 0 * * 0'
   workflow_dispatch:
 
 permissions:
@@ -17,38 +17,11 @@ jobs:
     runs-on: [ ubuntu-latest ]
     steps:
       - name: Checkout code
+        if: github.event_name != 'pull_request_target'
         uses: actions/checkout@v4
-
-      - name: Setup Go
-        uses: actions/setup-go@v5
-        with:
-          go-version-file: '${{ github.workspace }}/go.mod'
-          cache: false
-
-      - name: Get go environment for use with cache
-        run: |
-          echo "go_cache=$(go env GOCACHE)" >> $GITHUB_ENV
-          echo "go_modcache=$(go env GOMODCACHE)" >> $GITHUB_ENV
-      # This step will only reuse the go mod and build cache from main made during the Build,
-      # see push_ocm.yaml => "ocm-cli-latest" Job
-      # This means it never caches by itself and PRs cannot cause cache pollution / thrashing
-      # This is because we have huge storage requirements for our cache because of the mass of dependencies
-
-      - name: Restore / Reuse Cache from central build
-        id: cache-golang-restore
-        uses: actions/cache/restore@v4 # Only Restore, not build another cache (too big)
-        with:
-          path: |
-            ${{ env.go_cache }}
-            ${{ env.go_modcache }}
-          key: ${{ env.cache_name }}-${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-${{ hashFiles('**/go.mod') }}
-          restore-keys: |
-            ${{ env.cache_name }}-${{ runner.os }}-go-
-        env:
-          cache_name: ocm-cli-latest-go-cache # needs to be the same key in the end as in the build step
-
-      - name: Run Black Duck Full SCA Scan (Manual Trigger and Scheduled)
-        if: github.event_name == 'workflow_dispatch' || github.event_name == 'schedule'
+
+      - name: Run Black Duck Full SCA Scan (Push, Manual Trigger or Schedule)
+        if: ${{ github.event_name != 'pull_request_target' }} 
         uses: blackduck-inc/black-duck-security-scan@v2.0.0
         env:
           DETECT_PROJECT_USER_GROUPS: opencomponentmodel
@@ -63,9 +36,9 @@ jobs:
           blackducksca_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
           blackducksca_scan_full: true
 
-      - name: Run Black Duck SCA Scan (Pull Request or Push)
-        if: github.event_name != 'workflow_dispatch'
-            # The action sets blackducksca_scan_full internally: for pushes to true and PRs to false
+      - name: Run Black Duck SCA Scan (Pull Requests)
+        if: ${{ github.event_name == 'pull_request_target' }}
+           # The action sets blackducksca_scan_full internally: for pushes to true and PRs to false
         uses: blackduck-inc/black-duck-security-scan@v2.0.0
         env:
           DETECT_PROJECT_USER_GROUPS: opencomponentmodel
@@ -77,4 +50,5 @@ jobs:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           blackducksca_url: ${{ secrets.BLACKDUCK_URL }}
           blackducksca_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          blackducksca_scan_full: false
           blackducksca_prComment_enabled: true