.github/workflows/license_scan.yml

name: Trivy License Scan

on:
  push:

jobs:
  license_scan1:
    name: License scan (rootfs)
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Run license scanner
        uses: aquasecurity/trivy-action@0.26.0
        env:
          #try default GitHub DBs, if failing, use AWS mirror instead (https://github.com/aquasecurity/trivy-action/issues/389)
          TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
          TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
        with:
          scan-type: "rootfs"
          scan-ref: "."
          scanners: "license"
          severity: "CRITICAL,HIGH"
          exit-code: 1
  license_scan2:
    name: License scan (repo)
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: npm install (authority-portal-api-client-ts)
        run: cd authority-portal-backend/authority-portal-api-client-ts && npm install
      - name: npm install (authority-portal-frontend)
        run: cd authority-portal-frontend && npm install
      - name: Run license scanner
        uses: aquasecurity/trivy-action@0.26.0
        env:
          #try default GitHub DBs, if failing, use AWS mirror instead (https://github.com/aquasecurity/trivy-action/issues/389)
          TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
          TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
        with:
          scan-type: "repo"
          scan-ref: "."
          scanners: "license"
          severity: "CRITICAL,HIGH"
          exit-code: 1