mirror of
https://github.com/flutter/samples.git
synced 2026-03-24 13:22:01 +00:00
0083ceb353
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.5 to 2.3.6. <details> <summary>Commits</summary> <ul> <li><a href="83f0fe6c49"><code>83f0fe6</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1713">#1713</a> from github/update-v2.3.6-96f284028</li> <li><a href="5c8f4be0e9"><code>5c8f4be</code></a> Update changelog for v2.3.6</li> <li><a href="96f2840282"><code>96f2840</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1711">#1711</a> from github/henrymercer/improve-supported-versions-u...</li> <li><a href="89c4c9e65c"><code>89c4c9e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1678">#1678</a> from github/henrymercer/default-setup-safeguarding</li> <li><a href="26f16a5e63"><code>26f16a5</code></a> Rephrase the still supported calculation to make it clearer</li> <li><a href="955f8596ae"><code>955f859</code></a> Fix sign error</li> <li><a href="e7cff66ce1"><code>e7cff66</code></a> Fix push</li> <li><a href="afdba76326"><code>afdba76</code></a> Wait a week before dropping support for end of life GHES versions</li> <li><a href="07e43a2208"><code>07e43a2</code></a> Open PR with gh CLI</li> <li><a href="9632771630"><code>9632771</code></a> Address review comments</li> <li>Additional commits viewable in <a href="0225834cc5...83f0fe6c49">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
56 lines
1.9 KiB
YAML
56 lines
1.9 KiB
YAML
name: Scorecards supply-chain security
|
|
on:
|
|
# Only the default branch is supported.
|
|
branch_protection_rule:
|
|
push:
|
|
branches: [ main ]
|
|
|
|
# Declare default permissions as read only.
|
|
permissions: read-all
|
|
|
|
jobs:
|
|
analysis:
|
|
name: Scorecards analysis
|
|
runs-on: ubuntu-latest
|
|
if: ${{ github.repository == 'flutter/samples' }}
|
|
permissions:
|
|
# Needed to upload the results to code-scanning dashboard.
|
|
security-events: write
|
|
actions: read
|
|
contents: read
|
|
id-token: write
|
|
|
|
steps:
|
|
- name: "Checkout code"
|
|
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: "Run analysis"
|
|
uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af
|
|
with:
|
|
results_file: results.sarif
|
|
results_format: sarif
|
|
# Read-only PAT token. To create it,
|
|
# follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation.
|
|
repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
|
|
# Publish the results to enable scorecard badges. For more details, see
|
|
# https://github.com/ossf/scorecard-action#publishing-results.
|
|
# For private repositories, `publish_results` will automatically be set to `false`,
|
|
# regardless of the value entered here.
|
|
publish_results: true
|
|
|
|
# Upload the results as artifacts (optional).
|
|
- name: "Upload artifact"
|
|
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
|
|
with:
|
|
name: SARIF file
|
|
path: results.sarif
|
|
retention-days: 5
|
|
|
|
# Upload the results to GitHub's code scanning dashboard.
|
|
- name: "Upload to code-scanning"
|
|
uses: github/codeql-action/upload-sarif@83f0fe6c4988d98a455712a27f0255212bba9bd4
|
|
with:
|
|
sarif_file: results.sarif
|