MSDO/msdo-main-pipeline.yml at main · theangrytech-git/MSDO · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
name: msdo-main-pipeline

on:
  workflow_call:
    inputs:
      branch:
        required: false
        type: string
        default: 'main'
    secrets:
      GH_TOKEN:
        required: false

jobs:
  msdo-dynamic-scanning:
    uses: ./.github/workflows/msdo-dynamic-scanning.yml
    permissions:
      contents: read
      id-token: write
      actions: read
      security-events: write
    with:
      branch: ${{ inputs.branch }}
    secrets:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  secret-scan-credscan:
    uses: ./.github/workflows/msdo-credscan.yml
    permissions:
      contents: read
      id-token: write
      actions: read
      security-events: write
    needs: msdo-dynamic-scanning
    secrets:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  secret-scan-trufflehog:
    uses: ./.github/workflows/msdo-trufflehog.yml
    permissions:
      contents: read
      id-token: write
      actions: read
      security-events: write
    needs: secret-scan-credscan
    secrets:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  secret-scan-gitleaks:
    uses: ./.github/workflows/msdo-gitleaks.yml
    permissions:
      contents: read
      id-token: write
      actions: read
      security-events: write
    needs: secret-scan-trufflehog
    secrets:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}