From 18944dab07ec72e5c8824b4c967599db0d65f2c0 Mon Sep 17 00:00:00 2001
From: Trey Pendragon
Date: Wed, 24 Jul 2024 12:23:51 -0700
Subject: [PATCH] Also do a non-required to merge vuln scan on PRs.

---
 .github/workflows/nightly-vuln-scanning.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/nightly-vuln-scanning.yml b/.github/workflows/nightly-vuln-scanning.yml
index 55a61485..34934329 100644
--- a/.github/workflows/nightly-vuln-scanning.yml
+++ b/.github/workflows/nightly-vuln-scanning.yml
@@ -3,6 +3,9 @@ name: Run nightly vulnerability check
 on:
   schedule:
     - cron: '0 0 * * *'
+  pull_request:
+    branches:
+      - main
 # Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
 env:
@@ -19,7 +22,7 @@ jobs:
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@0.20.0
         id: runscanner
-        continue-on-error: true
+        continue-on-error: ${{ github.event_name != 'pull_request' }}
         with:
           image-ref: 'ghcr.io/pulibrary/dpul-collections:main'
           format: 'table'
@@ -27,7 +30,7 @@ jobs:
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
-          output: 'vulnerabilities.table'
+          output: ${{ github.event_name != 'pull_request' && 'vulnerabilities.table' || null }}
       - name: Set variables
         id: scanner
         run: |
@@ -42,7 +45,7 @@ jobs:
           SCANNER_OUTPUTS: ${{ steps.scanner.outputs.results }}
         run: echo "${{ env.SCANNER_OUTPUTS }}"
       - name: Create issue
-        if: job.steps.runscanner.status == failure()
+        if: job.steps.runscanner.status == failure() && github.event_name != 'pull_request'
         uses: JasonEtco/create-an-issue@v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
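Review bot: The pull_request run added by this commit still scans `image-ref: 'ghcr.io/pulibrary/dpul-collections:main'`, so with `continue-on-error` now false for that event a PR check can go red because of a vulnerability already published from main, while a PR that introduces a newly vulnerable package is not examined at all. If a per-PR gate is intended, the job needs to scan the PR head (an image built from it, or the checkout via `scan-type: 'fs'`) rather than the main tag; if only visibility is intended, a comment above image-ref such as `# on pull_request this still scans the published :main image, not the PR head` would stop reviewers from reading a failure as caused by their change. Whether a finding actually fails the step also depends on `exit-code` being set among the inputs not shown in this hunk, which is worth confirming.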
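Review bot: With `output` resolving to `null` on pull_request events, the table goes to stdout and no `vulnerabilities.table` is written, yet the following `Set variables` step (its `run: |` body lies outside this hunk) and the echo step are not gated on the event; if that step reads the file, a clean PR scan will be followed by a failure on a missing file. Either gate those steps with `if: github.event_name != 'pull_request'` or keep `output: 'vulnerabilities.table'` unconditional and print it in a separate step, which also removes the `&& … || null` construct from the `with:` input. A short comment on the line, `# PRs: print to the log; scheduled runs: write the file consumed by the issue steps`, would make the intent explicit.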
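Review bot: The `if` still compares `job.steps.runscanner.status` with `failure()`; the `job` context has no `steps` property and `failure()` is a status function rather than a string, so the condition does not test the scanner's result as intended, and the appended `github.event_name != 'pull_request'` guard does not change that. The step result that survives `continue-on-error` is `steps.runscanner.outcome`, so the line should read `if: steps.runscanner.outcome == 'failure' && github.event_name != 'pull_request'`. Separately, the context line `run: echo "${{ env.SCANNER_OUTPUTS }}"` interpolates scanner output into the script text before the shell runs it; `run: echo "$SCANNER_OUTPUTS"` keeps it as a plain environment variable, which matters more now that the step also runs on PR-triggered events.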