# This is a basic workflow to help you get started with Actions

name: CI

# Controls when the workflow will run
on:
  # Triggers the workflow on push or pull request events but only for the master branch
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  build:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2

      # Runs a single command using the runners shell
      - name: Run a one-line script
        run: echo Hello, world!

      # Runs a set of commands using the runners shell
      - name: Run a multi-line script
        run: |
          echo Add other actions to build,
          echo test, and deploy your project.
      - name: Easy detect-secrets
  # You may pin to the exact commit or the version.
  # uses: RobertFischer/detect-secrets-action@fa2d02975bad47bd65e5752377d0ded2714c985f
        uses: RobertFischer/detect-secrets-action@v2.0.0
      - name: Security and Licence Scan
  # You may pin to the exact commit or the version.
  # uses: ShiftLeftSecurity/scan-action@54980bbdae434b8e7903cfcffa98a2601c207962
        uses: ShiftLeftSecurity/scan-action@v1.3.0
        with:
    # Source directory to scan. Defaults to /github/workspace
          src: /github/workspace
    # Output directory for the generated reports. Defaults to /github/workspace/reports
          output: /github/workspace/reports
    # Project type. Eg: credscan, java, python, nodejs, depscan etc. Comma separated values allowed.
          #type: # optional