name: Vulnerability Scan

on:
  # enable running the workflow manually
  workflow_dispatch:
  schedule:
    # run every night at 4:00 AM (UTC)
    - cron: '0 4 * * *'

permissions:
  contents: read
  security-events: write

jobs:
  trivy-scan:
    # only on original eclipse-hawkbit/hawkbit repo or when manually triggered
    if: github.repository == 'eclipse-hawkbit/hawkbit' || github.event_name == 'workflow_dispatch'
    strategy:
      matrix:
        branch: [master, "1.0"]
    uses: ./.github/workflows/reusable_workflow_trivy-scan.yaml
    permissions:
      contents: read
      security-events: write
    # Enable Upload for both branches
    with:
      ref: ${{ matrix.branch }}
      upload: true