diff options
| author | Frantisek Sumsal <frantisek@sumsal.cz> | 2022-10-20 17:06:26 +0200 |
|---|---|---|
| committer | Frantisek Sumsal <frantisek@sumsal.cz> | 2022-10-20 17:10:50 +0200 |
| commit | b3ea9cf13b410c2f4028d5ad9514f948fdb523b1 (patch) | |
| tree | 4498e6f82204491b6fe118acaac7533db6b8cfad | |
| parent | ci: add a missing SPDX line (diff) | |
| download | systemd-b3ea9cf13b410c2f4028d5ad9514f948fdb523b1.tar.xz systemd-b3ea9cf13b410c2f4028d5ad9514f948fdb523b1.zip | |
ci: run the Scorecards action in PRs only on config update
Also, unify the string quotation a bit and drop one unnecessary
expression syntax (as everything in `if` statements is automatically
evaluated as an expression).
| -rw-r--r-- | .github/workflows/scorecards.yml | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 8d4ddf9451..911ac5a35e 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -8,9 +8,13 @@ on: schedule: - cron: '15 21 * * 6' push: - branches: [ "main" ] + branches: + - main pull_request: - branches: [ "main" ] + branches: + - main + paths: + - '.github/workflows/scorecards.yml' # Declare default permissions as read only. permissions: read-all @@ -27,12 +31,12 @@ jobs: id-token: write steps: - - name: "Checkout code" + - name: Checkout code uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0 with: persist-credentials: false - - name: "Run analysis" + - name: Run analysis uses: ossf/scorecard-action@e363bfca00e752f91de7b7d2a77340e2e523cb18 # tag=v2.0.4 with: results_file: results.sarif @@ -51,7 +55,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - - name: "Upload artifact" + - name: Upload artifact uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0 with: name: SARIF file @@ -59,8 +63,8 @@ jobs: retention-days: 5 # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - if: ${{ github.event_name != 'pull_request' }} + - name: Upload to code-scanning + if: github.event_name != 'pull_request' uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26 with: sarif_file: results.sarif |