---
name: Security scanning
# yamllint disable-line rule:truthy
on:
  schedule:
    # Run weekly on every Monday
    - cron: '0 0 * * 1'
  push:
    tags:
      - v*
    branches:
      - release-*

permissions:
  contents: read

jobs:
  security:
    if: github.repository == 'ceph/ceph-csi'
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        # yamllint disable-line rule:line-length
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
        with:
          fetch-depth: 0

      - name: run Snyk to check for code vulnerabilities
        # yamllint disable-line rule:line-length
        uses: snyk/actions/golang@cdb760004ba9ea4d525f2e043745dfe85bb9077e  # master
        env:
          SNYK_TOKEN: ${{ secrets.SYNK_TOKEN }}