Run the local action (current branch code) in the workflows (#15)

Signed-off-by: tdruez <tdruez@nexb.com>

Author: tdruez

.github/workflows/analyze-docker-image.yml

@@ -2,10 +2,16 @@ on: [push]
 
 jobs:
   scan-codebase:
-    runs-on: ubuntu-22.04
-    name: Analyze a Docker image with ScanCode.io
+    runs-on: ubuntu-24.04
+    name: Analyze a Docker image
     steps:
-      - uses: nexB/scancode-action@alpha
+      - name: Get the action.yml from the current branch
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: action.yml
+          sparse-checkout-cone-mode: false
+
+      - uses: ./
         with:
           pipelines: "analyze_docker_image"
           input-urls:

.github/workflows/find-vulnerabilities.yml

@@ -2,13 +2,19 @@ on: [push]
 
 jobs:
   scan-codebase:
-    runs-on: ubuntu-22.04
-    name: Scan codebase with ScanCode.io
+    runs-on: ubuntu-24.04
+    name: Scan codebase and find vulnerabilities
     steps:
+      - name: Get the action.yml from the current branch
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: action.yml
+          sparse-checkout-cone-mode: false
+
       - uses: actions/checkout@v4
         with:
           path: scancode-inputs
-      - uses: nexB/scancode-action@alpha
+      - uses: ./
         with:
           pipelines: "scan_codebase,find_vulnerabilities"
         env:

.github/workflows/map-deploy-to-develop.yml

@@ -2,10 +2,16 @@ on: [push]
 
 jobs:
   scan-codebase:
-    runs-on: ubuntu-22.04
-    name: Map deploy to develop with ScanCode.io
+    runs-on: ubuntu-24.04
+    name: Map deploy to develop
     steps:
-      - uses: nexB/scancode-action@alpha
+      - name: Get the action.yml from the current branch
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: action.yml
+          sparse-checkout-cone-mode: false
+
+      - uses: ./
         with:
           pipelines: "map_deploy_to_develop"
           input-urls:

.github/workflows/scan-codebase.yml

@@ -5,11 +5,16 @@ jobs:
     runs-on: ubuntu-24.04
     name: Scan codebase and check for compliance issues
     steps:
+      - name: Get the action.yml from the current branch
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: action.yml
+          sparse-checkout-cone-mode: false
+
       - uses: actions/checkout@v4
         with:
           path: scancode-inputs
-      - name: Run scancode-action from current branch
-        uses: ./scancode-inputs
+      - uses: ./
         with:
           pipelines: "scan_codebase"
           check-compliance: true

.github/workflows/scan-single-package.yml

@@ -2,12 +2,17 @@ on: [push]
 
 jobs:
   scan-codebase:
-    runs-on: ubuntu-22.04
-    name: Scan package with ScanCode.io
+    runs-on: ubuntu-24.04
+    name: Scan a package archive
     steps:
-      - name: Download repository archive to scancode-inputs/ directory
-        run: |
-          wget --directory-prefix=scancode-inputs https://github.com/${GITHUB_REPOSITORY}/archive/${GITHUB_REF}.zip
-      - uses: nexB/scancode-action@alpha
+      - name: Get the action.yml from the current branch
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: action.yml
+          sparse-checkout-cone-mode: false
+
+      - uses: ./
         with:
           pipelines: "scan_single_package"
+          input-urls:
+            https://github.com/${GITHUB_REPOSITORY}/archive/${GITHUB_REF}.zip

README.md

@@ -79,7 +79,7 @@ steps:
     compliance-fail-level:
 
     # Python version that will be installed to run ScanCode.io
-    # Default is '3.11'
+    # Default is '3.12'
     python-version:
 ```
 

action.yml

@@ -30,7 +30,7 @@ inputs:
     required: false
   python-version:
     description: "Python version."
-    default: "3.11"
+    default: "3.12"
   scancodeio-repo-branch:
     description: "Branch to install ScanCode.io from the GitHub repository (optional)"
     required: false