From fcb99cc70474ad3d8e02d0bc792693d68e98511b Mon Sep 17 00:00:00 2001 From: Nigel Jones Date: Tue, 13 Aug 2024 16:25:55 +0100 Subject: [PATCH 1/3] #1830 update scorecard to v5 (gh action 2.4.0) Signed-off-by: Nigel Jones --- .github/workflows/scorecard.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index f3e5f06ec..ed0f1327d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -9,6 +9,7 @@ on: workflow_call: workflow_dispatch: + jobs: analysis: name: Scorecard analysis @@ -24,12 +25,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # pin@v2.3.1 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # pin@v2.4.0 with: results_file: results.sarif results_format: sarif @@ -51,7 +52,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # pin@v4 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # pin@v4 with: name: SARIF file path: results.sarif From 423dab47f42a70bc1413e110c7f6017fbc792140 Mon Sep 17 00:00:00 2001 From: Nigel Jones Date: Tue, 27 Aug 2024 10:14:14 +0100 Subject: [PATCH 2/3] Pin action version in unix.yml Signed-off-by: Nigel Jones --- .github/workflows/linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index f41d1b718..c2f05627e 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml 
@@ -259,7 +259,7 @@ jobs: container: openquantumsafe/ci-ubuntu-latest:latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Configure run: mkdir build && cd build && scan-build --status-bugs cmake -GNinja .. - name: Build From a0b2a76d4be7a18519f5375eb77dfd8ef84ff62d Mon Sep 17 00:00:00 2001 From: Nigel Jones Date: Tue, 27 Aug 2024 10:23:12 +0100 Subject: [PATCH 3/3] Schedule only, no PR. Minor updates to scorecard Signed-off-by: Nigel Jones --- .github/workflows/scorecard.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ed0f1327d..6c0448892 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -47,7 +47,7 @@ jobs: # For private repositories: # - `publish_results` will always be set to `false`, regardless # of the value entered here. - publish_results: false + publish_results: true # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. @@ -56,9 +56,9 @@ jobs: with: name: SARIF file path: results.sarif - retention-days: 5 + retention-days: 28 # Upload the results to GitHub's code scanning dashboard. - #- name: "Upload to code-scanning" - # uses: github/codeql-action/upload-sarif@e949a1676c32f4c215780f7429eb9f00ff18b225 # pin@v2 - # with: - # sarif_file: results.sarif + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # pin@v3 + with: + sarif_file: results.sarif
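Review bot: The newly pinned `uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4` line in linux.yml keeps the action's default of persisting the workflow token in the checked-out repository's git config, so the `scan-build` configure and build steps that follow in this container job run with that credential available; the scorecard workflow in PATCH 1/3 sets `persist-credentials: false` on its checkout step, and the same `with:` block would fit here (`with:` / `persist-credentials: false` under the `uses:` line). The enclosing job begins before this hunk, so whether it carries a `permissions:` block that narrows the token is not visible from the diff. The commit subject says unix.yml while the diffstat lists only .github/workflows/linux.yml.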
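Review bot: Switching to `publish_results: true` in the `@@ -47,7 +47,7 @@` hunk of PATCH 3/3 makes the scorecard action publish to the OpenSSF API, which it authenticates with a GitHub OIDC token, so the job needs `id-token: write` in its `permissions:` block; that block lies outside both hunks of this patch, so please confirm it grants this, otherwise the publish step fails at runtime rather than at parse time. The same check applies to the re-enabled `Upload to code-scanning` step in the following `@@ -56,9 +56,9 @@` hunk, whose `github/codeql-action/upload-sarif` call needs `security-events: write`. Both re-enabled lines are pinned to full commit SHAs with a `# pin@v3` comment, which matches the pinning style used elsewhere in the file. The subject line says "Schedule only, no PR", but this patch's diffstat covers only the `publish_results`, `retention-days` and upload-sarif changes in scorecard.yml, so the trigger change does not appear anywhere in this series.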