Skip to content

Commit 670643f

Browse files
derkkiladerkkila
committed
Merge Scorecard scan into Release Workflow
1 parent ac6b0e0 commit 670643f

File tree

2 files changed

+43
-53
lines changed

2 files changed

+43
-53
lines changed

.github/workflows/appinspect_api.yml

Lines changed: 43 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,49 @@ on:
66
- 'v*.*.*'
77

88
jobs:
9+
analysis:
10+
name: Scorecards analysis
11+
runs-on: ubuntu-latest
12+
permissions:
13+
# Needed to upload the results to code-scanning dashboard.
14+
security-events: write
15+
actions: read
16+
contents: read
17+
18+
steps:
19+
- name: "Checkout code"
20+
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
21+
with:
22+
persist-credentials: false
23+
24+
- name: "Run analysis"
25+
uses: ossf/scorecard-action@c8416b0b2bf627c349ca92fc8e3de51a64b005cf # v1.0.2
26+
with:
27+
results_file: results.sarif
28+
results_format: sarif
29+
# Read-only PAT token. To create it,
30+
# follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation.
31+
repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
32+
# Publish the results to enable scorecard badges. For more details, see
33+
# https://github.com/ossf/scorecard-action#publishing-results.
34+
# For private repositories, `publish_results` will automatically be set to `false`,
35+
# regardless of the value entered here.
36+
publish_results: true
37+
38+
# Upload the results as artifacts (optional).
39+
- name: "Upload artifact"
40+
uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
41+
with:
42+
name: SARIF file
43+
path: results.sarif
44+
retention-days: 5
45+
46+
# Upload the results to GitHub's code scanning dashboard.
47+
- name: "Upload to code-scanning"
48+
uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26
49+
with:
50+
sarif_file: results.sarif
51+
952
appinspect:
1053
runs-on: ubuntu-latest
1154
steps:

.github/workflows/scorecards-analysis.yml

Lines changed: 0 additions & 53 deletions
This file was deleted.

0 commit comments

Comments
 (0)