This repository has been archived by the owner on Aug 25, 2024. It is now read-only.

ci: alice: async comms: permissions: write #63

	name: Scorecard supply-chain security
	on:
	branch_protection_rule:
	push:
	branches:
	- main

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	permissions: read-all

	jobs:
	analysis:
	name: Scorecard analysis
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	id-token: write
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
	with:
	egress-policy: audit

	- name: "Checkout code"
	uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
	with:
	persist-credentials: false
	- name: "Run analysis"
	uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
	with:
	results_file: results.sarif
	results_format: sarif
	publish_results: true
	- name: "Upload artifact"
	uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
	with:
	name: SARIF file
	path: results.sarif
	retention-days: 5
	- name: Upload SARIF file
	uses: github/codeql-action/upload-sarif@v3
	with:
	# Path to SARIF file relative to the root of the repository
	sarif_file: results.sarif
	# Optional category for the results
	# Used to differentiate multiple results for one commit
	category: ossf-scorecard

Provide feedback