From 297ac7e4609fcefadcc1f280d75a7520e0873794 Mon Sep 17 00:00:00 2001
From: Rex P <106129829+another-rex@users.noreply.github.com>
Date: Mon, 18 Dec 2023 14:33:24 +1100
Subject: [PATCH] Unify OSV scanner action (#711)

Combine the 2 osv-scanner actions into one file. This is an example of what will be shown in the starter-workflows example, allowing us to have one starter-workflow that does both PR scanning and scheduled scanning. Ideally we can hide the skipped workflows, but that's not possible at the moment: https://github.com/orgs/community/discussions/18001
---
 .github/workflows/osv-scanner-pr.yml | 34 -------------------
 ...led.yml => osv-scanner-unified-action.yml} | 25 +++++++++++---
 2 files changed, 20 insertions(+), 39 deletions(-)
 delete mode 100644 .github/workflows/osv-scanner-pr.yml
 rename .github/workflows/{osv-scanner-scheduled.yml => osv-scanner-unified-action.yml} (59%)

diff --git a/.github/workflows/osv-scanner-pr.yml b/.github/workflows/osv-scanner-pr.yml
deleted file mode 100644
index 02cc7cbb8c9..00000000000
--- a/.github/workflows/osv-scanner-pr.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright 2023 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-name: OSV-Scanner PR Scan
-
-on:
- pull_request:
- branches: [main]
- merge_group:
- branches: [main]
-
-jobs:
- scan-pr:
- uses: "./.github/workflows/osv-scanner-reusable-pr.yml"
- with:
- # Just scan the root directory and docs, since everything else is fixtures
- scan-args: |-
- --skip-git
- ./
- ./docs/
- permissions:
- security-events: write
- contents: read
diff --git a/.github/workflows/osv-scanner-scheduled.yml b/.github/workflows/osv-scanner-unified-action.yml
similarity index 59%
rename from .github/workflows/osv-scanner-scheduled.yml
rename to .github/workflows/osv-scanner-unified-action.yml
index d863a71ee44..e9489442eee 100644
--- a/.github/workflows/osv-scanner-scheduled.yml
+++ b/.github/workflows/osv-scanner-unified-action.yml
@@ -15,13 +15,24 @@
 name: OSV-Scanner Scheduled Scan
 on:
+ pull_request:
+ branches: ["main"]
+ merge_group:
+ branches: ["main"]
 schedule:
 - cron: "12 12 * * 1"
 push:
 branches: ["main"]
+permissions:
+ # Require writing security events to upload SARIF file to security tab
+ security-events: write
+ # Read commit contents
+ contents: read
+
 jobs:
 scan-scheduled:
+ if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
 uses: "./.github/workflows/osv-scanner-reusable.yml"
 with:
 # Just scan the root directory and docs, since everything else is fixtures
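Review bot: The workflow-level `name: OSV-Scanner Scheduled Scan`, the first context line of the `@@ -15,13 +15,24 @@` hunk, is stale now that the same file also runs the PR scan job added further down; `name: OSV-Scanner Scan` would match the new file name `osv-scanner-unified-action.yml`. Hoisting `permissions:` to workflow level gives `security-events: write` and `contents: read` to every job in the file, whereas the deleted `osv-scanner-pr.yml` and the old `scan-scheduled` job declared the same pair per job, so no scope widens here but any job added to this file later inherits the write scope silently. A comment above the block, e.g. `# Applies to every job below; move to job level if a job that does not upload SARIF is added`, would record that intent and keep the least-privilege reasoning visible.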
@@ -29,8 +40,12 @@ jobs:
 --skip-git
 ./
 ./docs/
- permissions:
- # Require writing security events to upload SARIF file to security tab
- security-events: write
- # Read commit contents
- contents: read
+ scan-pr:
+ if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
+ uses: "./.github/workflows/osv-scanner-reusable-pr.yml"
+ with:
+ # Just scan the root directory and docs, since everything else is fixtures
+ scan-args: |-
+ --skip-git
+ ./
+ ./docs/
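Review bot: The `if:` on `scan-pr` and the one on `scan-scheduled` in the previous hunk together enumerate exactly the four events listed under `on:`, so adding a trigger later (a `workflow_dispatch`, say) would leave neither job running and no error reported; a comment above `scan-pr:` such as `# The if: conditions of scan-scheduled and scan-pr must jointly cover every event listed under on:` would make that coupling visible. The `with:`/`scan-args:` block is now a verbatim copy of the one on `scan-scheduled`; GitHub Actions does not expand YAML anchors, so it cannot be factored within the file, but the `# Just scan ...` comment on each job could state that the two lists are meant to stay identical. Independently of the workflow-level `security-events: write`, the job token on `pull_request` runs from forks is read-only, so if `osv-scanner-reusable-pr.yml` uploads SARIF that step will be denied on fork PRs — worth confirming against the reusable workflow, which is outside this diff.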