-rw-r--r--.github/workflows/scorecards.yml18
1 files changed, 11 insertions, 7 deletions
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 8d4ddf9451..911ac5a35e 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -8,9 +8,13 @@ on:
schedule:
- cron: '15 21 * * 6'
push:
- branches: [ "main" ]
+ branches:
+ - main
pull_request:
- branches: [ "main" ]
+ branches:
+ - main
+ paths:
+ - '.github/workflows/scorecards.yml'
# Declare default permissions as read only.
permissions: read-all
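Review bot: The new `paths` filter on `pull_request` (L23–L24) has an operational consequence that deserves a comment: a workflow that is path-filtered never reports a status on PRs that do not touch the file, so if this job is listed as a required status check in branch protection those PRs will stay blocked on an "Expected" check. The asymmetry with `push` (no filter, so every push to `main` still runs a full Scorecard) also reads as accidental unless stated. I would add above `pull_request:` something like `# PRs only exercise this workflow when it changes itself; results for PR runs are not uploaded. Do not make this job a required check.` The `on:` block begins before this hunk, so I cannot see whether `workflow_dispatch` or other triggers are also configured.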
@@ -27,12 +31,12 @@ jobs:
id-token: write
steps:
- - name: "Checkout code"
+ - name: Checkout code
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0
with:
persist-credentials: false
- - name: "Run analysis"
+ - name: Run analysis
uses: ossf/scorecard-action@e363bfca00e752f91de7b7d2a77340e2e523cb18 # tag=v2.0.4
with:
results_file: results.sarif
@@ -51,7 +55,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- - name: "Upload artifact"
+ - name: Upload artifact
uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0
with:
name: SARIF file
@@ -59,8 +63,8 @@ jobs:
retention-days: 5
# Upload the results to GitHub's code scanning dashboard.
- - name: "Upload to code-scanning"
- if: ${{ github.event_name != 'pull_request' }}
+ - name: Upload to code-scanning
+ if: github.event_name != 'pull_request'
uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26
with:
sarif_file: results.sarif
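Review bot: The simplified condition `if: github.event_name != 'pull_request'` is equivalent to the old `${{ }}` form, but it now lets the upload run on both `push` and `schedule`, and `upload-sarif` needs `security-events: write` on the job to succeed with the workflow-level `permissions: read-all` (L26). The job's `permissions:` block starts above the earlier hunk and only `id-token: write` is visible, so please confirm `security-events: write` is present; otherwise this step fails on every non-PR run. While here, `github/codeql-action/upload-sarif` is pinned to a `v1` tag comment whereas the other actions are on `v2`/`v3` — worth checking that the pin is still maintained, since the `# tag=` comments are the only thing a human reviews when these SHAs are bumped. The `steps:` list and job definition begin outside this hunk.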