mirror of https://github.com/prometheus/prometheus
Julien Pivotto
1 year ago
committed by
GitHub
2 changed files with 51 additions and 0 deletions
@ -0,0 +1,50 @@
|
||||
# Copyright 2022 Google LLC |
||||
|
||||
name: Scorecards supply-chain security |
||||
on: |
||||
pull_request: |
||||
push: |
||||
branches: [ "main" ] |
||||
|
||||
# Declare default permissions as read only. |
||||
permissions: read-all |
||||
|
||||
jobs: |
||||
analysis: |
||||
name: Scorecards analysis |
||||
runs-on: ubuntu-latest |
||||
permissions: |
||||
# Needed to upload the results to code-scanning dashboard. |
||||
security-events: write |
||||
# Used to receive a badge. |
||||
id-token: write |
||||
|
||||
steps: |
||||
- name: "Checkout code" |
||||
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0 |
||||
with: |
||||
persist-credentials: false |
||||
|
||||
- name: "Run analysis" |
||||
uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # tag=v2.2.0 |
||||
with: |
||||
results_file: results.sarif |
||||
results_format: sarif |
||||
# Publish the results for public repositories to enable scorecard badges. For more details, see |
||||
# https://github.com/ossf/scorecard-action#publishing-results. |
||||
publish_results: ${{ github.event_name != 'pull_request' }} |
||||
|
||||
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF |
||||
# format to the repository Actions tab. |
||||
- name: "Upload artifact" |
||||
uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0 |
||||
with: |
||||
name: SARIF file |
||||
path: results.sarif |
||||
retention-days: 5 |
||||
|
||||
# Upload the results to GitHub's code scanning dashboard. |
||||
- name: "Upload to code-scanning" |
||||
uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26 |
||||
with: |
||||
sarif_file: results.sarif |
||||
Loading…
Reference in new issue