From a08a7570a6854ab450db7490344e8baf82c6608c Mon Sep 17 00:00:00 2001
From: Evan Sims
Date: Thu, 11 Jul 2024 11:49:21 -0500
Subject: [PATCH] chore(ci): add FOSSA workflow
---
 .github/workflows/fossa.yaml | 35 ++++++++++++++++++++++++++++++++++
 .github/workflows/semgrep.yaml | 2 +-
 .openapi-generator/FILES | 1 +
 3 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/fossa.yaml
diff --git a/.github/workflows/fossa.yaml b/.github/workflows/fossa.yaml
new file mode 100644
index 0000000..b6d7e05
--- /dev/null
+++ b/.github/workflows/fossa.yaml
@@ -0,0 +1,35 @@
+name: FOSSA
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+
+jobs:
+ fossa:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+ - name: Set up JDK 17
+ uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
+ with:
+ java-version: "17"
+ distribution: "temurin"
+
+ - name: Install dependencies
+ run: ./gradlew build
+
+ - name: Run FOSSA scan and upload build data
+ uses: fossas/fossa-action@47ef11b1e1e3812e88dae436ccbd2d0cbd1adab0 # v1.3.3
+ with:
+ api-key: ${{ secrets.FOSSA_API_KEY }}
+ branch: ${{ github.ref_name }}
+
+ - name: Run FOSSA tests
+ uses: fossas/fossa-action@47ef11b1e1e3812e88dae436ccbd2d0cbd1adab0 # v1.3.3
+ with:
+ api-key: ${{ secrets.FOSSA_API_KEY }}
+ run-tests: true
diff --git a/.github/workflows/semgrep.yaml b/.github/workflows/semgrep.yaml
index 2b936c0..a5f32f1 100644
--- a/.github/workflows/semgrep.yaml
+++ b/.github/workflows/semgrep.yaml
@@ -11,7 +11,7 @@ jobs:
 image: returntocorp/semgrep
 if: (github.actor != 'dependabot[bot]' && github.actor != 'snyk-bot')
 steps:
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 with:
 fetch-depth: 0
 - run: semgrep ci --no-suppress-errors
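Review bot: In `.github/workflows/fossa.yaml` the new workflow has no `permissions:` key, so the job's GITHUB_TOKEN carries whatever default scope the repository or organization sets while `./gradlew build` executes project and plugin build code. The steps shown only read the repository and call FOSSA with its own API key, so a top-level `permissions: {contents: read}` would pin the token to read-only. The checkout step also leaves that token in the local git config for the later steps; adding `with: {persist-credentials: false}` to it avoids this. The step name "Install dependencies" understates what `./gradlew build` runs (compilation and tests), so a one-line comment such as `# full build so FOSSA can resolve the Gradle dependency graph` would make the intent clear, if that is indeed the reason.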
diff --git a/.openapi-generator/FILES b/.openapi-generator/FILES
index 7fb7f8d..a59ca74 100644
--- a/.openapi-generator/FILES
+++ b/.openapi-generator/FILES
@@ -5,6 +5,7 @@
 .github/ISSUE_TEMPLATE/config.yaml
 .github/ISSUE_TEMPLATE/feature_request.yaml
 .github/dependabot.yaml
+.github/workflows/fossa.yaml
 .github/workflows/main.yaml
 .github/workflows/semgrep.yaml
 .gitignore