From 89e8411ae9e572704c2d96558fef069c6535c53d Mon Sep 17 00:00:00 2001
From: Adam Stegman
Date: Fri, 5 Jan 2024 16:51:34 +0000
Subject: [PATCH] Add pr-security workflow again

Originally added in #30. Removed in #33 because it was failing.
---
 .github/workflows/pr-security.yaml | 32 ++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 .github/workflows/pr-security.yaml

diff --git a/.github/workflows/pr-security.yaml b/.github/workflows/pr-security.yaml
new file mode 100644
index 0000000..708a53b
--- /dev/null
+++ b/.github/workflows/pr-security.yaml
@@ -0,0 +1,32 @@
+---
+# onemedical//.github/workflows/pr-security.yaml
+#
+# This is the workflow for distribution to repositories across the organization.
+# It will call the reusable PR security workflow, and run scans against each PR.
+name: PR Security
+
+
+# yamllint disable-line rule:truthy
+on:
+  pull_request:
+    branches: [main, master]
+
+
+permissions:
+  # Required for workflows in private repositories.
+  contents: read
+
+  # Required for SARIF results upload to GHAS.
+  security-events: write
+  actions: read
+
+
+jobs:
+  # Run the reusable workflow.
+  run-workflow:
+    name: Run Workflow
+    # yamllint disable-line rule:line-length
+    uses: onemedical/github-reusable-workflows/.github/workflows/reusable-pr-security.yaml@main
+    # The detect-secrets tool is used in some repositories, and generates false
+    # positives like the one below. Add comment to ignore.
+    secrets: inherit # pragma: allowlist secret
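Review bot: The `uses: ...reusable-pr-security.yaml@main` reference in the `run-workflow` job is a mutable ref, and it is combined with `secrets: inherit`, so every secret this repository can see is handed to whatever commit is on the reusable workflow's `main` branch at run time; a change (or compromise) there takes effect in every calling repository without a review in that repository. Pinning to a release tag or a full commit SHA, `uses: onemedical/github-reusable-workflows/.github/workflows/reusable-pr-security.yaml@<PINNED_SHA>` (placeholder), and passing only the secrets the scan needs under `secrets:` instead of `inherit` narrows that exposure; the `permissions` block is already scoped, so this is the remaining broad grant in the file. Since the header comment says this file is distributed across the organization, pinning does mean re-distributing on each upgrade, so if tracking `main` is deliberate the trade-off belongs in the header comment, e.g. `# Tracks @main deliberately so callers pick up scan updates without re-distribution; the reusable-workflows repo is the trust boundary.`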