From aa0651b776fd1109bf9abb26e73ad4ef11be9114 Mon Sep 17 00:00:00 2001
From: Shubham Sharma <shubhash@microsoft.com>
Date: Fri, 11 Mar 2022 13:01:14 +0530
Subject: [PATCH 1/4] Add FOSSA workflow and badge

Signed-off-by: Shubham Sharma <shubhash@microsoft.com>
---
 .github/workflows/fossa.yml | 47 +++++++++++++++++++++++++++++++++++++
 Readme.md                   |  1 +
 2 files changed, 48 insertions(+)
 create mode 100644 .github/workflows/fossa.yml

diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
new file mode 100644
index 000000000..2f6e12526
--- /dev/null
+++ b/.github/workflows/fossa.yml
@@ -0,0 +1,47 @@
+#
+# Copyright 2021 The Dapr Authors
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#     http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: fossa
+on:
+  push:
+    branches:
+      - master
+      - release-*
+      - feature/*
+    tags:
+      - v*
+  pull_request:
+    branches:
+      - master
+      - release-*
+      - feature/*
+  workflow_dispatch: {}
+jobs:
+  fossa-scan:
+    runs-on: ubuntu-latest
+    env:
+      FOSSA_API_KEY: b88e1f4287c3108c8751bf106fb46db6 # This is a push-only token that is safe to be exposed.
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v2
+
+      - name: "Run FOSSA Scan"
+        uses: fossas/fossa-action@main # Use a specific version if locking is preferred
+        with:
+          api-key: ${{ env.FOSSA_API_KEY }}
+
+      - name: "Run FOSSA Test"
+        uses: fossas/fossa-action@main # Use a specific version if locking is preferred
+        with:
+          api-key: ${{ env.FOSSA_API_KEY }}
+          run-tests: true
\ No newline at end of file
diff --git a/Readme.md b/Readme.md
index 997594c0d..4b0288ee6 100644
--- a/Readme.md
+++ b/Readme.md
@@ -3,6 +3,7 @@
 [![Build Status](https://github.com/dapr/components-contrib/workflows/components-contrib/badge.svg?event=push&branch=master)](https://github.com/dapr/components-contrib/actions?workflow=components-contrib)
 [![Discord](https://img.shields.io/discord/778680217417809931)](https://discord.com/channels/778680217417809931/781589820128493598)
 [![License: Apache 2.0](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://github.com/dapr/components-contrib/blob/master/LICENSE)
+[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B162%2Fgithub.com%2Fdapr%2Fcomponents-contrib.svg?type=shield)](https://app.fossa.com/projects/custom%2B162%2Fgithub.com%2Fdapr%2Fcomponents-contrib?ref=badge_shield)
 
 The purpose of Components Contrib is to provide open, community driven reusable components for building distributed applications.
 These components are being used by the [Dapr](https://github.com/dapr/dapr) project, but are separate and decoupled from it.

From f3e8ced9c64baa3247372009821540d291d6f819 Mon Sep 17 00:00:00 2001
From: Shubham Sharma <shubhash@microsoft.com>
Date: Fri, 11 Mar 2022 21:29:13 +0530
Subject: [PATCH 2/4] Add condition

Signed-off-by: Shubham Sharma <shubhash@microsoft.com>
---
 .github/workflows/fossa.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
index 2f6e12526..e7a8672f8 100644
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -28,6 +28,7 @@ on:
   workflow_dispatch: {}
 jobs:
   fossa-scan:
+    if: github.repository_owner == 'dapr' # FOSSA is not intended to run on forks.
     runs-on: ubuntu-latest
     env:
       FOSSA_API_KEY: b88e1f4287c3108c8751bf106fb46db6 # This is a push-only token that is safe to be exposed.

From 500bc0bd0b3ab8c6e96ace64b2ea7265c07606f7 Mon Sep 17 00:00:00 2001
From: Shubham Sharma <shubhash@microsoft.com>
Date: Mon, 14 Mar 2022 08:16:03 +0530
Subject: [PATCH 3/4] Remove branch from workflow

Signed-off-by: Shubham Sharma <shubhash@microsoft.com>
---
 .github/workflows/fossa.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
index e7a8672f8..e1fc57a0b 100644
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -17,14 +17,12 @@ on:
     branches:
       - master
       - release-*
-      - feature/*
     tags:
       - v*
   pull_request:
     branches:
       - master
       - release-*
-      - feature/*
   workflow_dispatch: {}
 jobs:
   fossa-scan:
@@ -45,4 +43,4 @@ jobs:
         uses: fossas/fossa-action@main # Use a specific version if locking is preferred
         with:
           api-key: ${{ env.FOSSA_API_KEY }}
-          run-tests: true
\ No newline at end of file
+          run-tests: true