From e4cb9d429b7878a1adf84697ed6f2163b1737c1b Mon Sep 17 00:00:00 2001
From: sealesj <103135467+sealesj@users.noreply.github.com>
Date: Wed, 14 Sep 2022 15:47:44 -0400
Subject: [PATCH] Separate GitHub workflow jobs (#36127)
* boringssl metadata for vuln scan
* update date, add owners test
* move unsupported actions into new job
* temp remove branch protection for test
* minor change
* fake change
* no branch check
* re-enable branch protection
* updates
* refactor further into generic setup
---
.github/workflows/scorecards-analysis.yml | 37 +++++++++++++++--------
1 file changed, 24 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index 24626afeec40c..0f83e34e9ebea 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -9,32 +9,43 @@ on: permissions: read-all jobs: - analysis: - name: Scorecards analysis + setup: + name: setup runs-on: ubuntu-latest if: ${{ github.repository == 'flutter/engine' }} - permissions: - # Needed to upload the results to code-scanning dashboard. - security-events: write - actions: read - contents: read - # Needed to access OIDC token. - id-token: write - steps: - name: "Checkout code" uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b with: persist-credentials: false - - name: setup python + vuln-scan: + name: Vulnerability scanning + runs-on: ubuntu-latest + needs: setup + if: ${{ github.repository == 'flutter/engine' }} + steps: + - name: "setup python" uses: actions/setup-python@b55428b1882923874294fa556849718a1d7f2ca5 with: python-version: '3.7.7' # install the python version needed - - - name: execute py script + - name: "execute py script" run: python ci/deps_parser.py + scorecards: + name: Scorecards analysis + needs: setup + runs-on: ubuntu-latest + if: ${{ github.repository == 'flutter/engine' }} + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + actions: read + contents: read + # Needed to access OIDC token. + id-token: write + + steps: - name: "Run analysis" uses: ossf/scorecard-action@865b4092859256271290c77adbd10a43f4779972 with:
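Review bot: The new `vuln-scan` and `scorecards` jobs contain no checkout step, and `needs: setup` only orders the jobs; each job starts on a fresh runner, so the tree checked out in `setup` is not there when `python ci/deps_parser.py` or the scorecard action runs. The script step will presumably fail on a missing file, and the scorecard action is normally run against a checked-out repository, so both scans may stop producing results. Repeat the pinned checkout with `persist-credentials: false` as the first step of each job; the `setup` job then serves no purpose and could be dropped. Keeping `security-events: write` and `id-token: write` scoped to `scorecards` alone is the right least-privilege split and should stay. The `scorecards` step list continues past the end of the hunk.

```yaml
  vuln-scan:
    # … unchanged: name, runs-on, needs, if …
    steps:
      - name: "Checkout code"
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
        with:
          persist-credentials: false
      # … unchanged: setup python, execute py script …

  scorecards:
    # … unchanged: name, needs, runs-on, if, permissions …
    steps:
      - name: "Checkout code"
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
        with:
          persist-credentials: false
      # … unchanged: Run analysis …
```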