name: Bearer Master

on:
  push:
    branches:
      - master

permissions:
  security-events: write

jobs:
  rule_check:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Bearer
        uses: bearer/bearer-action@828eeb928ce2f4a7ca5ed57fb8b59508cb8c79bc # v2
        with:
          format: sarif
          output: results.sarif

      - name: Upload SARIF file
        if: always()
        uses: github/codeql-action/upload-sarif@2827891b2e5e0510dceab8c3619f4fe255451277 # v4
        with:
          sarif_file: results.sarif
          category: bearer-security-scan