fix: sample #4

Workflow file for this run

.github/workflows/security-scan.yaml at be224a7

	name: Security scanning

	on:
	pull_request:
	branches:
	- master

	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

	jobs:
	checkout:
	name: Checkout repo
	runs-on: ubuntu-latest
	if: ${{ github.actor != 'dependabot[bot]' }}

	steps:
	- name: Checkout
	uses: actions/checkout@v5
	with:
	fetch-depth: 0

	- name: Save repo to artifact
	uses: actions/upload-artifact@v4
	with:
	name: flutter-client
	path: .
	overwrite: true
	if-no-files-found: error
	retention-days: 1
	include-hidden-files: true

	scanning:
	name: Scan for security checks
	runs-on: ubuntu-latest
	if: ${{ github.actor != 'dependabot[bot]' }}
	strategy:
	fail-fast: false

	steps:
	- name: Download repo artifact
	uses: actions/download-artifact@v5
	with:
	name: flutter-client
	path: .

	- name: GitGuardian scan
	uses: GitGuardian/ggshield-action@v1.43.0
	env:
	GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
	GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
	GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
	GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
	GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}

	- name: Cache SonarCloud packages
	uses: actions/cache@v4
	with:
	path: ~/.sonar/cache
	key: ${{ runner.os }}-sonar
	restore-keys: ${{ runner.os }}-sonar

	- name: Cache Gradle packages
	uses: actions/cache@v4
	with:
	path: ~/.gradle/caches
	key: ${{ runner.os }}-gradle-${{ hashFiles('*/.gradle') }}
	restore-keys: ${{ runner.os }}-gradle

	- name: Make gradlew executable
	run: \|
	ls
	chmod +x ./android/gradlew

	- name: Build
	run: \|
	./android/gradlew build sonar --info
	- name: SonarQube Scan
	uses: SonarSource/sonarqube-scan-action@v5
	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: sample #4

Workflow file

fix: sample #4

Uh oh!

Workflow file for this run