From 9089dce48b612feb8e1170f51f30cfe84a1f1ebf Mon Sep 17 00:00:00 2001
From: Maggie Dreyer
Date: Wed, 25 Jun 2025 14:20:07 -0700
Subject: [PATCH] (maint) Add step to mend scan GHA to report any vulns found
---
 .github/workflows/mend.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/.github/workflows/mend.yml b/.github/workflows/mend.yml
index c5146e4..3e869f9 100644
--- a/.github/workflows/mend.yml
+++ b/.github/workflows/mend.yml
@@ -4,6 +4,8 @@ on:
 push:
 branches:
 - main
+ - puppet8
+
 jobs:
 build:
 runs-on: ubuntu-latest
@@ -37,3 +39,12 @@ jobs:
 WS_USERKEY: ${{ secrets.MEND_TOKEN }}
 WS_PRODUCTNAME: CD4PE
 WS_PROJECTNAME: ${{ github.event.repository.name }}
+ - name: "report vulnerabilities"
+ id: vulnerabilities
+ uses: puppetlabs/get-mend-vulnerabilities@v2
+ with:
+ product_token: ${{ secrets.MEND_PRODUCT_TOKEN }}
+ product_display_name: "CD4PE"
+ user_token: ${{ secrets.MEND_TOKEN }}
+ fail_on_alert: "true"
+ projects: "puppet-dev-tools"
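Review bot: With `puppet8` added to the push trigger, both branches scan into the same Mend project, because `WS_PROJECTNAME: ${{ github.event.repository.name }}` in the scan step carries no branch component. If Mend keeps a single inventory per project name, which is worth confirming, the last branch pushed overwrites the other's results and the new `fail_on_alert` gate can pass or fail on the wrong branch's dependencies. One option is a per-branch project name such as `${{ github.event.repository.name }}-${{ github.ref_name }}`, with the report step's `projects` input built the same way. The rest of the job is outside this hunk.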
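Review bot: The new `report vulnerabilities` step runs `puppetlabs/get-mend-vulnerabilities@v2`, a mutable tag, and passes it both `secrets.MEND_PRODUCT_TOKEN` and `secrets.MEND_TOKEN`, so anyone able to move that tag controls code that receives those credentials. Pin the action to a full commit SHA and keep the tag as a trailing comment, `uses: puppetlabs/get-mend-vulnerabilities@<full-commit-sha>  # v2`. Separately, `projects: "puppet-dev-tools"` is hard-coded while the scan step names its project with `${{ github.event.repository.name }}`; using that expression here as well keeps the gate tied to the project that was just scanned. The job's earlier steps and any `permissions:` block are outside the hunk, so whether the job token is already restricted cannot be judged from here.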