OSV-Scanner Scan #2

	# runs vulnerability scans and add them to Github Security tab

	name: OSV-Scanner Scan

	on:
	workflow_dispatch:
	schedule:
	- cron: "36 6 * * 1"

	permissions: {}

	jobs:
	scan-scheduled:
	permissions:
	actions: read
	contents: read
	security-events: write # for uploading SARIF files
	if: ${{ github.repository == 'metal3-io/ironic-standalone-operator' }}
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- name: Calculate go version
	id: vars
	run: echo "go_version=$(make go-version)" >> "${GITHUB_OUTPUT}"
	- name: Set up Go
	uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
	with:
	go-version: ${{ steps.vars.outputs.go_version }}
	- name: Install OSV Scanner
	run: go install github.com/google/osv-scanner/cmd/osv-scanner@b13f37e1a1e4cb98556c1d34cd3256a876929be1 # v1.9.1
	- name: Run OSV Scanner
	run: \|
	osv-scanner scan \
	--format json --output results.json --recursive --skip-git \
	--config=<( echo "GoVersionOverride = \"${{ steps.vars.outputs.go_version }}\"" ) \
	./
	continue-on-error: true
	- name: "Run OSV Scanner Reporter"
	uses: google/osv-scanner/actions/reporter@b13f37e1a1e4cb98556c1d34cd3256a876929be1 # v1.9.1
	with:
	scan-args: \|-
	--output=results.sarif
	--new=results.json
	--gh-annotations=false
	continue-on-error: true
	- name: Upload SARIF file
	uses: github/codeql-action/upload-sarif@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
	with:
	sarif_file: results.sarif

Provide feedback