Protocol Buffers - Google's data interchange format (grpc依赖)
https://developers.google.com/protocol-buffers/
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
60 lines
2.3 KiB
60 lines
2.3 KiB
# This workflow uses actions that are not certified by GitHub. They are provided |
|
# by a third-party and are governed by separate terms of service, privacy |
|
# policy, and support documentation. |
|
|
|
name: Scorecard supply-chain security |
|
on: |
|
# For Branch-Protection check. Only the default branch is supported. See |
|
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection |
|
branch_protection_rule: |
|
# To guarantee Maintained check is occasionally updated. See |
|
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained |
|
schedule: |
|
- cron: '20 5 * * 2' |
|
push: |
|
branches: [ "main" ] |
|
|
|
# Declare default permissions as read only. |
|
permissions: read-all |
|
|
|
jobs: |
|
analysis: |
|
name: Scorecard analysis |
|
runs-on: ubuntu-latest |
|
permissions: |
|
security-events: write # to upload the results to code-scanning dashboard |
|
id-token: write # to publish results and get a badge |
|
|
|
steps: |
|
- name: "Checkout code" |
|
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 |
|
with: |
|
persist-credentials: false |
|
|
|
- name: "Run analysis" |
|
uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 |
|
with: |
|
results_file: results.sarif |
|
results_format: sarif |
|
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if |
|
# you want to enable the Branch-Protection check on a *public* repository, or |
|
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-fine-grained-pat-optional. |
|
# repo_token: ${{ secrets.SCORECARD_TOKEN }} |
|
|
|
# Allows the repository to include the Scorecard badge. |
|
publish_results: true |
|
|
|
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF |
|
# format to the repository Actions tab. |
|
- name: "Upload artifact" |
|
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 |
|
with: |
|
name: SARIF file |
|
path: results.sarif |
|
retention-days: 5 |
|
|
|
# Upload the results to GitHub's code scanning dashboard. |
|
- name: "Upload to code-scanning" |
|
uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 |
|
with: |
|
sarif_file: results.sarif
|
|
|