diff options
| author | Joyce Brum <joycebrum@google.com> | 2023-06-14 19:35:17 +0200 |
|---|---|---|
| committer | Luca Boccassi <luca.boccassi@gmail.com> | 2023-06-14 21:22:50 +0200 |
| commit | 2b3211c8362faad8d83fc13ce83ffedc949ab56e (patch) | |
| tree | c1bc83b7396d1d64412eb02867ee608ddbf5a39a /.github/workflows/scorecards.yml | |
| parent | Merge pull request #28036 from medhefgo/meson (diff) | |
| download | systemd-2b3211c8362faad8d83fc13ce83ffedc949ab56e.tar.xz systemd-2b3211c8362faad8d83fc13ce83ffedc949ab56e.zip | |
Squashed commit of the following:
commit ef2fc83647f69c172c11e0dea318bf6ecf79a4aa
Author: Joyce <joycebrum@google.com>
Date: Wed Jun 14 12:18:23 2023 -0300
Update scorecards.yml
Signed-off-by: Joyce <joycebrum@google.com>
commit c59c05c6ab156b20249e8056d8cbaafbe0c495f8
Merge: 7431a54568 f66d040d95
Author: Joyce <joycebrum@google.com>
Date: Wed Jun 14 10:22:28 2023 -0300
Merge branch 'main' into fix/disable-code-scanning-alerts
commit 7431a54568746a2fa4db1b23e1359984335df41e
Author: Joyce <joycebrum@google.com>
Date: Tue Jun 13 18:15:21 2023 -0300
Remove code scanning alerts scorecards.yml
Signed-off-by: Joyce <joycebrum@google.com>
Signed-off-by: Joyce Brum <joycebrum@google.com>
Diffstat (limited to '.github/workflows/scorecards.yml')
| -rw-r--r-- | .github/workflows/scorecards.yml | 31 |
1 files changed, 1 insertions, 30 deletions
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 2eede1dd8d..f4a34d95fb 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -25,10 +25,7 @@ jobs: if: github.repository == 'systemd/systemd' runs-on: ubuntu-latest permissions: - # Needed to upload the results to code-scanning dashboard. - security-events: write - # Used to receive a badge. - id-token: write + id-token: write # Used to receive a badge. steps: - name: Checkout code @@ -41,30 +38,4 @@ jobs: with: results_file: results.sarif results_format: sarif - # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if: - # - you want to enable the Branch-Protection check on a *public* repository, or - # - you are installing Scorecards on a *private* repository - # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. - # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} - - # Publish the results for public repositories to enable scorecard badges. For more details, see - # https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories, `publish_results` will automatically be set to `false`, regardless - # of the value entered here. publish_results: ${{ github.event_name != 'pull_request' }} - - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: Upload artifact - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - # Upload the results to GitHub's code scanning dashboard. - - name: Upload to code-scanning - if: github.event_name != 'pull_request' - uses: github/codeql-action/upload-sarif@0225834cc549ee0ca93cb085b92954821a145866 # v2.20.0 - with: - sarif_file: results.sarif |