kyverno/.github/workflows/scorecard.yaml

name: Scorecards supply-chain security

on:
  schedule:
    - cron: '30 1 * * 6'
  push:
    branches:
      - main

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  analysis:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
        with:
          persist-credentials: false
      - name: Check secret
        id: checksecret
        uses: ./.github/actions/is-defined
        with:
          value: ${{ secrets.SCORECARD_READ_TOKEN }}
      - name: Setup build env
        if: steps.checksecret.outputs.result == 'true'
        uses: ./.github/actions/setup-build-env
      - name: Run analysis
        if: steps.checksecret.outputs.result == 'true'
        uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3
        with:
          results_file: results.sarif
          results_format: sarif
          repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
          publish_results: true
      - name: Upload artifact
        if: steps.checksecret.outputs.result == 'true'
        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5
      - name: Upload to code-scanning
        if: steps.checksecret.outputs.result == 'true'
        uses: github/codeql-action/upload-sarif@0225834cc549ee0ca93cb085b92954821a145866 # v2.3.5
        with:
          sarif_file: results.sarif
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`name: Scorecards supply-chain security`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`on:`
			`schedule:`
			`- cron: '30 1 * * 6'`
			`push:`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`branches:`
			`- main`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30
chore: add missing gh workflow concurrency statements (#5914) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-06 16:24:55 +01:00			`concurrency:`
			`group: ${{ github.workflow }}-${{ github.ref }}`
			`cancel-in-progress: true`

Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`jobs:`
			`analysis:`
			`runs-on: ubuntu-latest`
			`permissions:`
			`security-events: write`
			`id-token: write`
			`steps:`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`- name: Checkout`
chore(deps): bump actions/checkout from 3.5.1 to 3.5.2 (#6926) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.1 to 3.5.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.5.1...8e5e7e5ab8b370d6c329ec480221332ada57f0ab) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2023-04-14 07:52:25 +00:00			`uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`with:`
			`persist-credentials: false`
chore: do not run scorecard workflow if token is not defined (#5927) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-07 05:36:47 +01:00			`- name: Check secret`
			`id: checksecret`
			`uses: ./.github/actions/is-defined`
			`with:`
			`value: ${{ secrets.SCORECARD_READ_TOKEN }}`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`- name: Setup build env`
chore: do not run scorecard workflow if token is not defined (#5927) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-07 05:36:47 +01:00			`if: steps.checksecret.outputs.result == 'true'`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`uses: ./.github/actions/setup-build-env`
			`- name: Run analysis`
chore: do not run scorecard workflow if token is not defined (#5927) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-07 05:36:47 +01:00			`if: steps.checksecret.outputs.result == 'true'`
chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#6729) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/e38b1902ae4f44df626f11ba0734b14fb91f8f86...80e868c13c90f172d68d1f4501dee99e2479f7af) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-03-30 14:09:29 +00:00			`uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`with:`
			`results_file: results.sarif`
			`results_format: sarif`
			`repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}`
			`publish_results: true`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`- name: Upload artifact`
chore: do not run scorecard workflow if token is not defined (#5927) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-07 05:36:47 +01:00			`if: steps.checksecret.outputs.result == 'true'`
chore(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2 (#5940) * chore(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.1 to 3.1.2. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/83fd05a356d7e2593de66fc9913b3002723633cb...0b7f8abb1508181956e8e162db84b466c27e18ce) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Update .github/workflows/reuse.yaml Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> 2023-01-09 09:05:26 +00:00			`uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`with:`
			`name: SARIF file`
			`path: results.sarif`
			`retention-days: 5`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`- name: Upload to code-scanning`
chore: do not run scorecard workflow if token is not defined (#5927) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-07 05:36:47 +01:00			`if: steps.checksecret.outputs.result == 'true'`
chore(deps): bump github/codeql-action from 2.3.4 to 2.3.5 (#7302) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.4 to 2.3.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f0e3dfb30302f8a0881bb509b044e0de4f6ef589...0225834cc549ee0ca93cb085b92954821a145866) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2023-05-26 15:53:56 +08:00			`uses: github/codeql-action/upload-sarif@0225834cc549ee0ca93cb085b92954821a145866 # v2.3.5`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`with:`
			`sarif_file: results.sarif`