mirror of
https://github.com/freeedcom/ai-codereviewer.git
synced 2025-04-21 18:16:47 +00:00
47 lines
1.4 KiB
YAML
47 lines
1.4 KiB
YAML
name: Scorecards supply-chain security
|
|
on:
|
|
workflow_dispatch:
|
|
schedule:
|
|
# Weekly on Saturdays.
|
|
- cron: "30 1 * * 6"
|
|
push:
|
|
branches:
|
|
- main
|
|
|
|
permissions: read-all
|
|
|
|
jobs:
|
|
analysis:
|
|
name: Scorecards analysis
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
actions: read
|
|
contents: read
|
|
|
|
steps:
|
|
- name: "Checkout code"
|
|
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: "Run analysis"
|
|
uses: ossf/scorecard-action@6c4912ed9e5f80cfda40164b92753f21f0892cab
|
|
with:
|
|
results_file: ossf-results.json
|
|
results_format: json
|
|
publish_results: false
|
|
|
|
- name: "Add metadata"
|
|
run: |
|
|
full_repo="${{ github.repository }}"
|
|
OWNER=${full_repo%/*}
|
|
REPO=${full_repo#*/}
|
|
jq -c '. + {"metadata_owner": "'$OWNER'", "metadata_repo": "'$REPO'", "metadata_query": "ossf"}' ossf-results.json > ossf-results-modified.json
|
|
|
|
- name: "Post results to Sentinel"
|
|
uses: cds-snc/sentinel-forward-data-action@main
|
|
with:
|
|
file_name: ossf-results-modified.json
|
|
log_type: GitHubMetadata_OSSF_Scorecard
|
|
log_analytics_workspace_id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
|
|
log_analytics_workspace_key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
|