commit 72293cbe879bcd1fff610eace6929922c4a4d668 Author: Joyce Brum <[email protected]> Date: Thu Nov 3 10:20:52 2022 -0300 fix: upgrade scorecard action to 2.0.6 Signed-off-by: Joyce Brum <[email protected]> commit 39451ef36f4ce71053c59c3a238d95752be05136 Author: Joyce <[email protected]> Date: Wed Sep 14 17:52:59 2022 -0300 Change to the original repository Signed-off-by: Joyce <[email protected]> Signed-off-by: Joyce Brum <[email protected]> commit ddcccaa14b8ef928a4bc8ba38429d8a442806ae9 Author: Joyce <[email protected]> Date: Wed Sep 14 17:51:26 2022 -0300 Add scorecard badge Signed-off-by: Joyce <[email protected]> Signed-off-by: Joyce Brum <[email protected]> commit 8ac265f0ee197e30862c0510b01dce2bc350e129 Author: Joyce <[email protected]> Date: Wed Sep 14 17:49:49 2022 -0300 Configure Scorecard action 2.0.3 Signed-off-by: Joyce <[email protected]> Signed-off-by: Joyce Brum <[email protected]>
Showing
2 changed files
with
56 additions
and
2 deletions.
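--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,54 @@
+name: Scorecards supply-chain security
+on:
+  # Only the default branch is supported.
+  branch_protection_rule:
+  schedule:
+    - cron: '44 9 * * 4'
+  push:
+    branches: [ "v2" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecards analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Used to receive a badge.
+      id-token: write
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # tag=v2.0.6
+        with:
+          results_file: results.sarif
+          results_format: sarif
+
+          # Publish the results for public repositories to enable scorecard badges. For more details, see
+          # https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories, `publish_results` will automatically be set to `false`, regardless
+          # of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26
+        with:
+          sarif_file: results.sarif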
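Review bot: The push trigger `branches: [ "v2" ]` conflicts with the comment directly above it and with `publish_results: true`: Scorecard only publishes results (and serves the badge the sibling commit adds) from the repository's default branch, so if `v2` is not the default branch the scheduled and push runs will analyse but never publish. Either trigger on the default branch — `branches: [ "DEFAULT_BRANCH" ]` (placeholder; use the repository's actual default branch) — or drop `publish_results` and rely on the SARIF upload alone. Separately, the final step pins `github/codeql-action/upload-sarif` to a `v1.0.26` tag while the other actions are on v2/v3 lines; the CodeQL Action v1 line has since been deprecated, so a commit pinned to a v2 tag is worth scheduling. Note also that the job-level `permissions:` block replaces the top-level `read-all` entirely, so on a private repository `contents: read` and `actions: read` would presumably need adding for checkout and result upload to work — confirm against the target repository's visibility.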