Switch to composite action approach for security scan

tanmay-db · tanmay-db · commit 779c5a84e38c · 2026-04-08T11:38:32.000+02:00
Cross-org reusable workflows not supported, use composite action instead.

Co-authored-by: Isaac
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -7,7 +7,7 @@ on:
       - java-security
 
 jobs:
-  build:
+  build-and-scan:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -28,15 +28,8 @@ jobs:
       - name: Build JAR
         run: mvn --errors package -DskipTests -pl databricks-sdk-java
 
-      - name: Upload build artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+      - name: Security scan
+        uses: databricks-eng/gh-action-scan@v1.0.0
         with:
-          name: build-artifact
-          path: databricks-sdk-java/target/*.jar
-
-  security-scan:
-    needs: build
-    uses: databricks-eng/gh-action-scan/.github/workflows/scan.yml@v1.0.0
-    with:
-      download-artifact: build-artifact
-      artifact-name: databricks-sdk-java
+          artifact-path: databricks-sdk-java/target/
+          artifact-name: databricks-sdk-java
