Halaman utama Jelajahi Bantuan
Daftar Masuk
chenwenyi
/
GoogleSignIn-iOS
1
0
Fork 0
Berkas Masalah 0 Permintaan Tarik 0 Wiki
Cabang: main
Ranting Tag
GoogleSignIn-iO...
/
.github
/
workflows
/
scorecards.yml

scorecards.yml 2.3 KB
Permalink Riwayat Mentahan

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. name: Scorecards supply-chain security
    2. 

  2. on:
    3. 

  3.   # Only the default branch is supported.
    4. 

  4.   branch_protection_rule:
    5. 

  5.   schedule:
    6. 

  6.     - cron: '36 4 * * 3'
    7. 

  7.   push:
    8. 

  8.     branches: [ "main" ]
    9. 

  9. 

  10. # Declare default permissions as read only.
    11. 

  11. permissions: read-all
    12. 

  12. 

  13. jobs:
    14. 

  14.   analysis:
    15. 

  15.     name: Scorecards analysis
    16. 

  16.     runs-on: ubuntu-latest
    17. 

  17.     permissions:
    18. 

  18.       # Needed to upload the results to code-scanning dashboard.
    19. 

  19.       security-events: write
    20. 

  20.       # Used to receive a badge. (Upcoming feature)
    21. 

  21.       id-token: write
    22. 

  22.       # Needs for private repositories.
    23. 

  23.       contents: read
    24. 

  24.       actions: read
    25. 

  25.     
    26. 

  26.     steps:
    27. 

  27.       - name: "Checkout code"
    28. 

  28.         uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0
    29. 

  29.         with:
    30. 

  30.           persist-credentials: false
    31. 

  31. 

  32.       - name: "Run analysis"
    33. 

  33.         uses: ossf/scorecard-action@3e15ea8318eee9b333819ec77a36aca8d39df13e # tag=v1.1.1
    34. 

  34.         with:
    35. 

  35.           results_file: results.sarif
    36. 

  36.           results_format: sarif
    37. 

  37.           # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
    38. 

  38.           # - you want to enable the Branch-Protection check on a *public* repository, or
    39. 

  39.           # - you are installing Scorecards on a *private* repository
    40. 

  40.           # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
    41. 

  41.           # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
    42. 

  42. 

  43.           # Publish the results for public repositories to enable scorecard badges. For more details, see
    44. 

  44.           # https://github.com/ossf/scorecard-action#publishing-results. 
    45. 

  45.           # For private repositories, `publish_results` will automatically be set to `false`, regardless 
    46. 

  46.           # of the value entered here.
    47. 

  47.           publish_results: true
    48. 

  48. 

  49.       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
    50. 

  50.       # format to the repository Actions tab.
    51. 

  51.       - name: "Upload artifact"
    52. 

  52.         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # tag=v4.6.2
    53. 

  53.         with:
    54. 

  54.           name: SARIF file
    55. 

  55.           path: results.sarif
    56. 

  56.           retention-days: 5
    57. 

  57.       
    58. 

  58.       # Upload the results to GitHub's code scanning dashboard.
    59. 

  59.       - name: "Upload to code-scanning"
    60. 

  60.         uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26
    61. 

  61.         with:
    62. 

  62.           sarif_file: results.sarif
    63.