8000 Add same scorecards-analysis.yml as Apache Log4j (except for branches) · angusdev/commons-csv@573eab7 · GitHub
Skip to content

Commit 573eab7

Browse files
committed
Add same scorecards-analysis.yml as Apache Log4j (except for branches)
1 parent 9797255 commit 573eab7

1 file changed

Lines changed: 67 additions & 0 deletions

File tree

Lines changed: 67 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,67 @@
1+
# Licensed to the Apache Software Foundation (ASF) under one or more
2+
# contributor license agreements. See the NOTICE file distributed with
3+
# this work for additional information regarding copyright ownership.
4+
# The ASF licenses this file to You under the Apache license, Version 2.0
5+
# (the "License"); you may not use this file except in compliance with
6+
# the License. You may obtain a copy of the License at
7+
#
8+
# http://www.apache.org/licenses/LICENSE-2.0
9+
#
10+
# Unless required by applicable law or agreed to in writing, software
11+
# distributed under the License is distributed on an "AS IS" BASIS,
12+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
# See the license for the specific language governing permissions and
14+
# limitations under the license.
15+
16+
name: "Scorecards supply-chain security"
17+
18+
on:
19+
branch_protection_rule:
20+
schedule:
21+
- cron: "30 1 * * 6" # Weekly on Saturdays
22+
push:
23+
branches: [ "master" ]
24+
25+
permissions: read-all
26+
27+
jobs:
28+
29+
analysis:
30+
31+
name: "Scorecards analysis"
32+
runs-on: ubuntu-latest
33+
permissions:
34+
security-events: write # Needed to upload the results to the code-scanning dashboard.
35+
actions: read
36+
contents: read
37+
38+
steps:
39+
40+
- name: "Checkout code"
41+
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # 3.0.2
42+
with:
43+
persist-credentials: false
44+
45+
- name: "Run analysis"
46+
uses: ossf/scorecard-action@ce330fde6b1a5c9c75b417e7efc510b822a35564 # 1.1.2
47+
with:
48+
results_file: results.sarif
49+
results_format: sarif
50+
# A read-only PAT token, which is sufficient for the action to function.
51+
# The relevant discussion: https://github.com/ossf/scorecard-action/issues/188
52+
repo_token: ${{ secrets.GITHUB_TOKEN }}
53+
# Publish the results for public repositories to enable scorecard badges.
54+
# For more details: https://github.com/ossf/scorecard-action#publishing-results
55+
publish_results: true
56+
57+
- name: "Upload artifact"
58+
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # 3.1.0
59+
with:
60+
name: SARIF file
61+
path: results.sarif
62+
retention-days: 5
63+
64+
- name: "Upload to code-scanning"
65+
uses: github/codeql-action/upload-sarif@b398f525a5587552e573b247ac661067fafa920b # 2.1.22
66+
with:
67+
sarif_file: results.sarif

0 commit comments

Comments
 (0)