From ab505041da87f5086837cd5990a3d32be3796f5a Mon Sep 17 00:00:00 2001
From: Jiaqi Luo <6218999+jiaqiluo@users.noreply.github.com>
Date: Wed, 29 May 2024 15:55:18 -0700
Subject: [PATCH] update the workflow for FOSSA
---
 .github/workflows/fossa.yaml | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/fossa.yaml b/.github/workflows/fossa.yaml
index 9b502e3..344c702 100644
--- a/.github/workflows/fossa.yaml
+++ b/.github/workflows/fossa.yaml
@@ -2,8 +2,11 @@ name: Run Fossa Scan
 on:
 push:
- tags:
- - '*'
+ # v1.27, v1.28, v1.29 and so on
+ branches:
+ - "v1.*"
+ # For manual scans.
+ workflow_dispatch:
 jobs:
 fossa:
@@ -11,21 +14,18 @@ jobs:
 permissions:
 contents: read
 id-token: write # needed for the Vault authentication
- continue-on-error: true # we know that fossa test will report errors
 steps:
- - name: Load Secrets from Vault
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Read FOSSA token
 uses: rancher-eio/read-vault-secrets@main
 with:
 secrets: |
- secret/data/github/repo/${{ github.repository }}/fossa/credentials token | FOSSA
- - name: Checkout Repo
- uses: actions/checkout@v4
- - name: Run Fossa analyze
- uses: fossas/fossa-action@v1.3.3
- with:
- api-key: ${{ env.FOSSA }}
- - name: Run Fossa test
- uses: fossas/fossa-action@v1.3.3
+ secret/data/github/org/rancher/fossa/push token | FOSSA_API_KEY_PUSH_ONLY
+
+ - name: FOSSA scan
+ uses: fossas/fossa-action@main
 with:
- api-key: ${{ env.FOSSA }}
- run-tests: true
+ api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }}
+ run-tests: false
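Review bot: The new `branches: - "v1.*"` filter matches every branch whose name starts with `v1.`, not only the release branches named in the comment, and a push-triggered run uses the workflow file from the pushed ref. Because the job holds `id-token: write` and reads a FOSSA token from Vault, it is worth confirming that the Vault role is bound to the expected repository and ref claims and that creating `v1.*` branches is restricted by a ruleset; neither is visible in this patch. The same applies to `workflow_dispatch:`, which can be started against any ref, so I would extend its comment to `# For manual scans; may target any ref, Vault role must restrict by claim.`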
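Review bot: `uses: fossas/fossa-action@main` replaces the pinned `v1.3.3` tag with a mutable branch in a job that has `id-token: write` and exports the FOSSA API key to the environment, so any later change to that upstream branch runs with the key. Pin the action to a full commit SHA that has been reviewed, `uses: fossas/fossa-action@<full-commit-sha> # <release tag>` (placeholder values); the unchanged `rancher-eio/read-vault-secrets@main` line has the same exposure. The secret path moves from a per-repository path to what looks like an org-wide one, so the key's scope is worth confirming (the variable name suggests push-only). With `continue-on-error` removed and `run-tests: false`, policy findings no longer affect the job result; if that is intended, a comment such as `# upload only; policy results are reviewed in FOSSA` would make it explicit.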