fix: Update security-scan.yml (additional fixes)

2025-11-01 00:31:09 +01:00
parent 2e8797ce1d
commit 9591ecc906
1 changed files with 18 additions and 10 deletions
--- a/.gitea/workflows/security-scan.yml
+++ b/.gitea/workflows/security-scan.yml
@@ -2,18 +2,13 @@ name: Security Vulnerability Scan

 on:
  push:
-    branches: [ main, develop, staging ]
+    branches: [ main, develop ]
  pull_request:
-    branches: [ main, develop, staging ]
+    branches: [ main, develop ]
  schedule:
    # Daily security scan at 2 AM UTC
    - cron: '0 2 * * *'
  workflow_dispatch:
-    inputs:
-      branch:
-        description: 'Branch to scan'
-        required: false
-        default: 'main'

 jobs:
  security-audit:
@@ -23,12 +18,25 @@ jobs:
    steps:
      - name: Checkout code
        run: |
+          # For pull_request events, use the head ref (source branch)
+          if [ "${{ github.event_name }}" = "pull_request" ]; then
+            REF_NAME="${{ github.head_ref || github.event.pull_request.head.ref }}"
+          elif [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            REF_NAME="${{ inputs.branch || github.ref_name }}"
+          else
            REF_NAME="${{ github.ref_name }}"
-          REPO="${{ github.repository }}"
-          if [ -z "$REF_NAME" ]; then
+          fi
+          
+          # Fallback to main if REF_NAME is still empty
+          if [ -z "$REF_NAME" ] || [ "$REF_NAME" = "" ]; then
            REF_NAME="main"
          fi
          
+          REPO="${{ github.repository }}"
+          
+          echo "📋 Cloning branch: $REF_NAME"
+          echo "📦 Repository: $REPO"
+          
          # Use CI token if available, otherwise try public access
          if [ -n "${{ secrets.CI_TOKEN }}" ]; then
            git clone --depth 1 --branch "$REF_NAME" \