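# Basic CI workflow: one placeholder script step, then secret detection
# (detect-secrets, reviewdog) and a security/licence scan of the checkout.
name: CI

# Controls when the workflow will run
on:
  # Triggers the workflow on push or pull request events but only for the master branch
  push:
    branches: [master]
  pull_request:
    branches: [master]

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  build:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest

    # Least privilege for the job's GITHUB_TOKEN. The commit-back step below
    # pushes to the repository, so it needs write access to contents; every
    # other scope is left unset. The reviewdog step authenticates with its own
    # secret (GH_TOKEN) and is not governed by this block.
    # NOTE(review): widen only if one of the third-party steps turns out to
    # need another scope.
    permissions:
      contents: write

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2

      # Runs a single command using the runners shell
      - name: Run a one-line script
        run: echo Hello, world!

      - name: Easy detect-secrets
        env:
          # --only-verified reports only the secrets detect-secrets can verify;
          # findings it cannot verify are left out of the results.
          DS_ADDL_ARGS: '--only-verified'
        # A version tag can be moved by the action's owner; a full commit SHA
        # cannot. The SHA form is kept here as the stricter alternative; confirm
        # it matches the release you intend before switching to it.
        # uses: RobertFischer/detect-secrets-action@fa2d02975bad47bd65e5752377d0ded2714c985f
        uses: RobertFischer/detect-secrets-action@v2.0.0

      - name: Commit back .secrets.baseline (if it was missing)
        uses: stefanzweifel/git-auto-commit-action@v4
        if: ${{ always() }}
        with:
          commit_message: "build(detect-secrets): Commit the newly-generated .secrets.baseline file"
          # Restrict the commit to the baseline file. Without a pattern the
          # action stages every change in the workspace, and because this step
          # runs under always() that would include whatever earlier steps left
          # behind.
          # NOTE(review): detect-secrets treats baseline entries as known
          # findings, so review the generated commit rather than accepting it
          # unseen.
          file_pattern: '.secrets.baseline'

      - name: detect-secrets with reviewdog
        if: ${{ always() }}
        # NOTE(review): @master is a moving branch ref, so whatever is at the
        # branch head runs with GH_TOKEN in reach. Pin to a release tag or a
        # full commit SHA, and keep the GH_TOKEN secret scoped to what PR
        # review comments require. Repository secrets are not passed to
        # pull_request runs from forks, so the token is empty there.
        uses: reviewdog/action-detect-secrets@master
        with:
          github_token: ${{ secrets.GH_TOKEN }}
          reporter: github-pr-review  # Change reporter.

      - name: Security and Licence Scan
        # As above: the commit SHA is the stricter pin; confirm it matches the
        # intended release before switching to it.
        # uses: ShiftLeftSecurity/scan-action@54980bbdae434b8e7903cfcffa98a2601c207962
        uses: ShiftLeftSecurity/scan-action@v1.3.0
        if: ${{ always() }}
        with:
          # Source directory to scan. Defaults to /github/workspace
          src: /github/workspace
          # Output directory for the generated reports. Defaults to /github/workspace/reports
          output: /github/workspace/reports
          # Project type. Eg: credscan, java, python, nodejs, depscan etc. Comma separated values allowed.
          # type: # optional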