
Commit d5021c1

committed
Run static analysis for tag manually from release workflow
1 parent f7a7f46 commit d5021c1


2 files changed

+17
-2
lines changed


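--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -163,6 +163,16 @@ jobs:
 echo '🚀 Created tag and drafted release for version [${{ inputs.version }}](${{ env.RELEASE_URL }})' >> $GITHUB_STEP_SUMMARY
 echo '✍️ You may now update the release notes and publish the release when ready' >> $GITHUB_STEP_SUMMARY
 
+static-analysis:
+needs: prepare-release
+name: "Run Static Analysis"
+uses: ./.github/workflows/static-analysis.yml
+with:
+ref: refs/tags/${{ inputs.version }}
+permissions:
+security-events: write
+id-token: write
+
 package-release:
 needs: prepare-release
 name: "Create Release Packages"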
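Review bot: The new `static-analysis` job does not gate the release: `package-release` still declares `needs: prepare-release` only, so packages are built whether or not the scan of the tag has finished or passed. If the scan is meant to block a release, change that line to `needs: [prepare-release, static-analysis]`; if it is advisory, say so in a comment above the job. Also confirm that the called workflow really needs `id-token: write`, since nothing visible in this commit requests an OIDC token and the grant should be dropped if only `security-events: write` is used. The `package-release` job continues outside the hunk.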

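--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
@@ -12,8 +12,12 @@ on:
 - "v*.*"
 - "master"
 - "feature/*"
-tags:
-- "*"
+workflow_call:
+inputs:
+ref:
+description: "The git ref to check"
+type: string
+required: true
 
 jobs:
 semgrep:
@@ -26,6 +30,7 @@ jobs:
 - name: "Checkout"
 uses: "actions/checkout@v4"
 with:
+ref: ${{ github.event_name == 'workflow_dispatch' && inputs.ref || github.ref }}
 submodules: true
 
 - name: "Scan"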
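Review bot: The checkout `ref` expression keys on `github.event_name == 'workflow_dispatch'`, but the entry point added here is `workflow_call`; in a called workflow the `github` context is the caller's, so `inputs.ref` is honoured only when the release workflow itself was started manually. Under any other caller trigger the expression falls back to `github.ref` and the scan silently covers the caller's branch instead of the tag being released, so the result no longer describes the shipped code. Selecting on the input itself removes that coupling: `ref: ${{ inputs.ref || github.ref }}`. The `on:` block and the `semgrep` job both continue outside the hunks, so whether this file also declares a `workflow_dispatch` input named `ref` is not visible here.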
