[pcsx_rearmed.git] / deps / libchdr / deps / zstd-1.5.5 / .github / workflows / scorecards.yml

name: Scorecards supply-chain security
on:
  # Only the default branch is supported.
  branch_protection_rule:
  schedule:
    - cron: '22 21 * * 2'
  push:
    # TODO: Add release branch when supported?
    branches: [ "dev" ]

# Declare default permissions as read only.
permissions: read-all

jobs:
  analysis:
    name: Scorecards analysis
    if: github.repository == 'facebook/zstd'
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload the results to code-scanning dashboard.
      security-events: write
      # Used to receive a badge.
      id-token: write
      # Needs for private repositories.
      contents: read
      actions: read

    steps:
      - name: "Checkout code"
        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # tag=v3
        with:
          persist-credentials: false

      - name: "Run analysis"
        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # tag=v2.1.2
        with:
          results_file: results.sarif
          results_format: sarif
          # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
          # - you want to enable the Branch-Protection check on a *public* repository, or
          # - you are installing Scorecards on a *private* repository
          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
          # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}

          # Publish the results for public repositories to enable scorecard badges. For more details, see
          # https://github.com/ossf/scorecard-action#publishing-results.
          # For private repositories, `publish_results` will automatically be set to `false`, regardless
          # of the value entered here.
          publish_results: true

      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # tag=v3.1.2
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
        uses: github/codeql-action/upload-sarif@67a35a08586135a9573f4327e904ecbf517a882d # tag=v2.2.8
        with:
          sarif_file: results.sarif
Commit	Line	Data
648db22b	1	name: Scorecards supply-chain security
	2	on:
	3	# Only the default branch is supported.
	4	branch_protection_rule:
	5	schedule:
	6	- cron: '22 21 * * 2'
	7	push:
	8	# TODO: Add release branch when supported?
	9	branches: [ "dev" ]
	10
	11	# Declare default permissions as read only.
	12	permissions: read-all
	13
	14	jobs:
	15	analysis:
	16	name: Scorecards analysis
	17	if: github.repository == 'facebook/zstd'
	18	runs-on: ubuntu-latest
	19	permissions:
	20	# Needed to upload the results to code-scanning dashboard.
	21	security-events: write
	22	# Used to receive a badge.
	23	id-token: write
	24	# Needs for private repositories.
	25	contents: read
	26	actions: read
	27
	28	steps:
	29	- name: "Checkout code"
	30	uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # tag=v3
	31	with:
	32	persist-credentials: false
	33
	34	- name: "Run analysis"
	35	uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # tag=v2.1.2
	36	with:
	37	results_file: results.sarif
	38	results_format: sarif
	39	# (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
	40	# - you want to enable the Branch-Protection check on a public repository, or
	41	# - you are installing Scorecards on a private repository
	42	# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
	43	# repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
	44
	45	# Publish the results for public repositories to enable scorecard badges. For more details, see
	46	# https://github.com/ossf/scorecard-action#publishing-results.
	47	# For private repositories, `publish_results` will automatically be set to `false`, regardless
	48	# of the value entered here.
	49	publish_results: true
	50
	51	# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
	52	# format to the repository Actions tab.
	53	- name: "Upload artifact"
	54	uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # tag=v3.1.2
	55	with:
	56	name: SARIF file
	57	path: results.sarif
	58	retention-days: 5
	59
	60	# Upload the results to GitHub's code scanning dashboard.
	61	- name: "Upload to code-scanning"
	62	uses: github/codeql-action/upload-sarif@67a35a08586135a9573f4327e904ecbf517a882d # tag=v2.2.8
	63	with:
	64	sarif_file: results.sarif