From 62261edff2e66dc63159a4d73767d033386652c5 Mon Sep 17 00:00:00 2001
From: Adam Cheng <52572642+adamchengtkc@users.noreply.github.com>
Date: Tue, 12 Dec 2023 10:43:29 +0100
Subject: [PATCH] BLD: public pipeline

---
 .github/workflows/docs.yml    | 3 +++
 .github/workflows/publish.yml | 5 ++++-
 .github/workflows/snyk.yml    | 8 +++++---
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index aed70ee..dd5171f 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -6,6 +6,9 @@ name: docs
 on:
   workflow_dispatch:
   workflow_call:
+    secrets:
+      GITHUB_TOKEN:
+        required: true
   push:
     branches: [ main ]
     
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 60776eb..85e4f4d 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,7 +1,7 @@
 # This workflows will upload a Python Package using Twine when a release is created
 # For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries
 
-name: build
+name: build and publish
  
 on:
   workflow_dispatch:
@@ -25,8 +25,11 @@ jobs:
     uses: equinor/warmth/.github/workflows/snyk.yml@main
     secrets:
       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   docs:
     uses: equinor/warmth/.github/workflows/docs.yml@main
+    secrets:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   deploy:
     needs: [test3d, test1d, snyk, docs]
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
index 3acf177..74c7082 100644
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -1,11 +1,11 @@
 name: Snyk scan
 on: 
-    push:
-        branches: [main, dev]
     workflow_call:
       secrets:
         SNYK_TOKEN:
           required: true
+        GITHUB_TOKEN:
+          required: true
 jobs:
   security:
     runs-on: ubuntu-latest
@@ -18,7 +18,9 @@ jobs:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
           args: --sarif-file-output=snyk.sarif --severity-threshold=high
+
       - name: Upload result to GitHub Code Scanning
         uses: github/codeql-action/upload-sarif@v2
         with:
-          sarif_file: snyk.sarif
\ No newline at end of file
+          sarif_file: snyk.sarif
+          token: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file