From ebd49e70df2fcee47decfd3bcbf485950e143d1e Mon Sep 17 00:00:00 2001
From: Nick Meyer <nickm@replicated.com>
Date: Thu, 15 Sep 2022 10:06:11 -0500
Subject: [PATCH] add FOSSA PR scan; update label requirements
 [sc-53201][sc-53409]

---
 .fossa.yml                               |  4 ++++
 .github/workflows/pr-license-scan.yaml   | 19 +++++++++++++++++++
 .github/workflows/require-pr-labels.yaml | 10 +++-------
 README.md                                |  2 ++
 4 files changed, 28 insertions(+), 7 deletions(-)
 create mode 100644 .fossa.yml
 create mode 100644 .github/workflows/pr-license-scan.yaml

diff --git a/.fossa.yml b/.fossa.yml
new file mode 100644
index 00000000..5e19374a
--- /dev/null
+++ b/.fossa.yml
@@ -0,0 +1,4 @@
+version: 3
+
+project:
+  id: github.com/replicatedhq/troubleshoot
diff --git a/.github/workflows/pr-license-scan.yaml b/.github/workflows/pr-license-scan.yaml
new file mode 100644
index 00000000..3d5b0e1e
--- /dev/null
+++ b/.github/workflows/pr-license-scan.yaml
@@ -0,0 +1,19 @@
+name: PR license scan
+
+on:
+  pull_request:
+
+jobs:
+  fossa-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: "Run FOSSA Analyze" 
+        uses: fossas/fossa-action@main
+        with:
+          api-key: ${{ secrets.FOSSA_API_KEY }}
+      - name: "Run FOSSA Test"
+        uses: fossas/fossa-action@main
+        with:
+          api-key: ${{ secrets.FOSSA_API_KEY }}
+          run-tests: true
diff --git a/.github/workflows/require-pr-labels.yaml b/.github/workflows/require-pr-labels.yaml
index 71088960..0718f8d3 100644
--- a/.github/workflows/require-pr-labels.yaml
+++ b/.github/workflows/require-pr-labels.yaml
@@ -12,15 +12,11 @@ on:
       - synchronize
 
 jobs:
-  require_pr_labels:
+  require-pr-labels:
+    uses: replicatedhq/reusable-workflows/.github/workflows/pr-enforce-labels.yaml@main
+  require-bug-labels:
     runs-on: ubuntu-latest
     steps:
-      - uses: mheap/github-action-required-labels@v2
-        with:
-          mode: exactly
-          count: 1
-          labels: "type::feature, type::bug, type::chore, type::tests, type::security, type::docs"
-
       - uses: mheap/github-action-required-labels@v2
         if: ${{ github.event.label.name == 'type::bug' }}
         with:
diff --git a/README.md b/README.md
index ec2e871f..700f797e 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,7 @@
 # Replicated Troubleshoot
 
+[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B5995%2Fgithub.com%2Freplicatedhq%2Ftroubleshoot.svg?type=small)](https://app.fossa.com/projects/custom%2B5995%2Fgithub.com%2Freplicatedhq%2Ftroubleshoot?ref=badge_small)
+
 Replicated Troubleshoot is a framework for collecting, redacting, and analyzing highly customizable diagnostic information about a Kubernetes cluster. Troubleshoot specs are created by 3rd-party application developers/maintainers and run by cluster operators in the initial and ongoing operation of those applications.
 
 Troubleshoot provides two CLI tools as kubectl plugins (using [Krew](https://krew.dev)): `kubectl preflight` and `kubectl support-bundle`. Preflight provides pre-installation cluster conformance testing and validation (preflight checks) and support-bundle provides post-installation troubleshooting and diagnostics (support bundles).