ci: Add OpenSSF Scorecard Workflow #212

Merged
merged 2 commits into from
Nov 16, 2024
46 changes: 44 additions & 2 deletions .github/workflows/code-checks.yml
@@ -11,13 +11,13 @@
permissions:
contents: read
packages: read
statuses: write
security-events: write

jobs:
check-code-quality:
name: Check Code Quality
runs-on: ubuntu-latest
permissions:
statuses: write
steps:
- name: Checkout
uses: actions/[email protected]
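Review bot: The job-level `permissions:` block added to check-code-quality replaces the workflow-level block for that job rather than extending it, so with only `statuses: write` listed the job's GITHUB_TOKEN gets no `contents: read` (GitHub sets every scope a job does not list to none once the job declares any). On a private repository the checkout step that follows would then fail; add `contents: read` beside `statuses: write`, as the run-scorecard-analysis job at the end of this diff does. The file header reports 2 deletions and this is the only hunk that is not pure additions, so presumably the workflow-level `statuses: write` and `security-events: write` are what is being removed, which is what Scorecard's Token-Permissions check expects (read-only at the top, write scopes per job); since the rendered diff carries no +/- markers, it is worth confirming they are not left in place alongside the job-level copies.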
@@ -46,6 +46,8 @@
check-python-code-format-and-quality:
name: Check Python Code Format and Quality
runs-on: ubuntu-latest
permissions:
statuses: write
steps:
- name: Checkout
uses: actions/[email protected]
@@ -71,6 +73,9 @@
upload-ruff-analysis-results:
name: Upload Ruff Analysis Results
runs-on: ubuntu-latest
permissions:
statuses: write
security-events: write
steps:
- name: Checkout
uses: actions/[email protected]
@@ -96,6 +101,8 @@
run-codeql-analysis:
name: CodeQL Analysis
runs-on: ubuntu-latest
permissions:
statuses: write
steps:
- name: Checkout repository
uses: actions/[email protected]
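Review bot: run-codeql-analysis declares only `statuses: write`, but uploading CodeQL results to code scanning requires `security-events: write`; the upload-ruff-analysis-results job in the previous hunk grants that scope explicitly, and if the workflow-level `security-events: write` is being dropped in the first hunk this job will no longer inherit it and its analyze/upload step will be rejected. Add `security-events: write` (plus `contents: read` for the checkout step) to this job's permissions block.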
@@ -110,6 +117,8 @@
check-markdown-links:
name: Check Markdown links
runs-on: ubuntu-latest
permissions:
statuses: write
steps:
- name: Checkout Repository
uses: actions/[email protected]
@@ -128,6 +137,8 @@
check-justfile-format:
name: Check Justfile Format
runs-on: ubuntu-latest
permissions:
statuses: write
steps:
- name: Checkout Repository
uses: actions/[email protected]
@@ -143,6 +154,8 @@
docker-build:
name: Build Docker Image
runs-on: ubuntu-latest
permissions:
statuses: write
steps:
- name: Checkout
uses: actions/[email protected]
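Review bot: docker-build's new permissions block also drops the workflow-level `packages: read` shown in the first hunk; if `just docker-build` pulls a base image from GitHub Packages/GHCR with the GITHUB_TOKEN, add `packages: read` here (and `contents: read` for the checkout step). If nothing in this job posts a commit status, `statuses: write` can be left out of this job rather than granted to every job uniformly.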
@@ -158,6 +171,35 @@
- name: Build Docker Image
run: just docker-build

run-scorecard-analysis:
name: Scorecard Analysis
runs-on: ubuntu-latest
permissions:
security-events: write
id-token: write
contents: read
actions: read
issues: read
pull-requests: read
checks: read
steps:
- name: "Checkout code"
uses: actions/[email protected]
with:
persist-credentials: false

- name: "Run analysis"
uses: ossf/[email protected]
with:
results_file: results.sarif
results_format: sarif
publish_results: true

- name: "Upload to code-scanning"
uses: github/codeql-action/[email protected]
with:
sarif_file: results.sarif

run-code-limit:
name: Code Limit Analysis
runs-on: ubuntu-latest
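Review bot: The three actions in run-scorecard-analysis are pinned by version tag (`actions/[email protected]`, `ossf/[email protected]`, `github/codeql-action/[email protected]`); Scorecard's own Pinned-Dependencies check will flag tag pins in this workflow, so pin each to a full commit SHA with the version kept in a trailing comment (the same goes for the `actions/[email protected]` references in the other hunks). The permission set otherwise matches what ossf/scorecard-action documents (`id-token: write` is needed for `publish_results: true`, `security-events: write` for the SARIF upload), and `persist-credentials: false` on the checkout is the right choice. Two things to confirm outside this hunk: `publish_results: true` only publishes on runs from the default branch, so the workflow's `on:` triggers should include a push to that branch or a schedule; and run-code-limit, the trailing context here, is the only job without a job-level block, so it keeps whatever the workflow-level permissions end up being.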