name: Run TAS

on:
  pull_request:
  workflow_dispatch:
    inputs:
      branch:
        description: "The branch to run TAS on"
        required: true
        default: "main"
  schedule:
    - cron: "0 6 * * 5"

jobs:
  run-tas:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: https://gitea.t000-n.de/t.behrendt/trivy-actions/setup-trivy@a6508d695d7bb6137f14372392d5c312c98225cf # 1.4.7
      - uses: https://gitea.t000-n.de/t.behrendt/trivy-actions/setup-db@a6508d695d7bb6137f14372392d5c312c98225cf # 1.4.7
      - env:
          TRIVY_CACHE_DIR: ${{ runner.temp }}/trivy
        run: |
          trivy config --cache-dir "$TRIVY_CACHE_DIR" --exit-code 0 --format sarif --output sarif.json .
      - uses: https://gitea.t000-n.de/t.behrendt/tas-actions/tas-upload-sarif@5e1031a9eff4a83fc17d0893332ad896386c082f # 0.0.3
        with:
          tas-base-url: ${{ vars.TAS_BASE_URL }}
          sarif-file: sarif.json
          owner: t.behrendt
          repo: validate-json-by-json-schema-action
          branch: ${{ inputs.branch || github.head_ref || 'main' }}