mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-07-01 22:50:54 +00:00
When I implemented the OSC scanner I followed the guidance on the the action repo to use a single workflow for both PR and main tests and rely on a re-usable workflow. Since then I've realised some negatives of this approach: - Unlike actions, dependabot needs custom logic to bump workflow pins, so we are more likely to be out of date - A lack of transparency/notification of when updates are needed, due to bugs/ security fixes - The dual workflow results in skipped jobs that clutter the UI - No ability to customise the pre-steps, or config As such let's take the hit of managing two workflows, in order to give us better flexibility. Also add the `--call-analysis=none` option as we run govulncheck separately, so don't want to have to compile and have a slow build Signed-off-by: stevenhorsman <steven@uk.ibm.com> Generated-By: IBM Bob