Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-12-29 21:27:24 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
e391a39322ee8de3913b87149aa535459dcda424
coredns/.github/workflows/scorecards.yml
Yong Tang 4b864a97d1 Removed decoupled version comments in github actions (#5240) 
The dependenabot is correctly updating the version of
the github actions with commit hash. However,
the version comments that was placed initially
is not updated. As such the version has been decoupled.
For example, the checkout action
ec3a7ce113134d7a93b817d10a8272cb61118579
is actually on v3.0 yet the comment is still on v2.4.0.

This PR removes the decoupled version comments to avoid
confusion.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2022-03-07 06:49:39 -08:00

56 lines
1.8 KiB
YAML
Raw Blame History

name: Scorecards supply-chain security
on:
# Only the default branch is supported.
branch_protection_rule:
schedule:
- cron: '36 10 * * 3'
push:
branches: [ master ]
# Declare default permissions as read only.
permissions: read-all
jobs:
analysis:
name: Scorecards analysis
runs-on: ubuntu-latest
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
actions: read
contents: read
steps:
- name: "Checkout code"
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
with:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@c1aec4ac820532bab364f02a81873c555a0ba3a1
with:
results_file: results.sarif
results_format: sarif
# Read-only PAT token. To create it,
# follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation.
repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
# Publish the results to enable scorecard badges. For more details, see
# https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories, `publish_results` will automatically be set to `false`,
# regardless of the value entered here.
publish_results: true
# Upload the results as artifacts (optional).
- name: "Upload artifact"
uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
with:
name: SARIF file
path: results.sarif
retention-days: 5
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5
with:
sarif_file: results.sarif
Reference in New Issue View Git Blame Copy Permalink