kyverno/.github/workflows/scorecard.yaml

name: Scorecards supply-chain security

on:
  schedule:
    - cron: '30 1 * * 6'
  push:
    branches:
      - main

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  analysis:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v3.5.1
        with:
          persist-credentials: false
      - name: Check secret
        id: checksecret
        uses: ./.github/actions/is-defined
        with:
          value: ${{ secrets.SCORECARD_READ_TOKEN }}
      - name: Setup build env
        if: steps.checksecret.outputs.result == 'true'
        uses: ./.github/actions/setup-build-env
      - name: Run analysis
        if: steps.checksecret.outputs.result == 'true'
        uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3
        with:
          results_file: results.sarif
          results_format: sarif
          repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
          publish_results: true
      - name: Upload artifact
        if: steps.checksecret.outputs.result == 'true'
        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5
      - name: Upload to code-scanning
        if: steps.checksecret.outputs.result == 'true'
        uses: github/codeql-action/upload-sarif@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v2.2.11
        with:
          sarif_file: results.sarif
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`name: Scorecards supply-chain security`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`on:`
			`schedule:`
			`- cron: '30 1 * * 6'`
			`push:`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`branches:`
			`- main`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30
chore: add missing gh workflow concurrency statements (#5914) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-06 16:24:55 +01:00			`concurrency:`
			`group: ${{ github.workflow }}-${{ github.ref }}`
			`cancel-in-progress: true`

Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`jobs:`
			`analysis:`
			`runs-on: ubuntu-latest`
			`permissions:`
			`security-events: write`
			`id-token: write`
			`steps:`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`- name: Checkout`
chore(deps): bump actions/checkout from 3.5.0 to 3.5.1 (#6890) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.0 to 3.5.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8f4b7f84864484a7bf31766abe9204da3cbe65b3...83b7061638ee4956cf7545a6f7efe594e5ad0247) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2023-04-13 10:59:50 +00:00			`uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v3.5.1`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`with:`
			`persist-credentials: false`
chore: do not run scorecard workflow if token is not defined (#5927) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-07 05:36:47 +01:00			`- name: Check secret`
			`id: checksecret`
			`uses: ./.github/actions/is-defined`
			`with:`
			`value: ${{ secrets.SCORECARD_READ_TOKEN }}`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`- name: Setup build env`
chore: do not run scorecard workflow if token is not defined (#5927) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-07 05:36:47 +01:00			`if: steps.checksecret.outputs.result == 'true'`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`uses: ./.github/actions/setup-build-env`
			`- name: Run analysis`
chore: do not run scorecard workflow if token is not defined (#5927) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-07 05:36:47 +01:00			`if: steps.checksecret.outputs.result == 'true'`
chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#6729) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/e38b1902ae4f44df626f11ba0734b14fb91f8f86...80e868c13c90f172d68d1f4501dee99e2479f7af) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-03-30 14:09:29 +00:00			`uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`with:`
			`results_file: results.sarif`
			`results_format: sarif`
			`repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}`
			`publish_results: true`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`- name: Upload artifact`
chore: do not run scorecard workflow if token is not defined (#5927) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-07 05:36:47 +01:00			`if: steps.checksecret.outputs.result == 'true'`
chore(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2 (#5940) * chore(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.1 to 3.1.2. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/83fd05a356d7e2593de66fc9913b3002723633cb...0b7f8abb1508181956e8e162db84b466c27e18ce) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Update .github/workflows/reuse.yaml Signed-off-by: shuting <shutting06@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: shuting <shutting06@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com> 2023-01-09 09:05:26 +00:00			`uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`with:`
			`name: SARIF file`
			`path: results.sarif`
			`retention-days: 5`
chore: add setup test env gh action (#5897) * chore: add setup test env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * score card Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-05 23:36:13 +01:00			`- name: Upload to code-scanning`
chore: do not run scorecard workflow if token is not defined (#5927) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-01-07 05:36:47 +01:00			`if: steps.checksecret.outputs.result == 'true'`
chore(deps): bump github/codeql-action from 2.2.10 to 2.2.11 (#6819) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.10 to 2.2.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/8c8d71dde4abced210732d8486586914b97752e8...d186a2a36cc67bfa1b860e6170d37fb9634742c7) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2023-04-07 07:41:14 +00:00			`uses: github/codeql-action/upload-sarif@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v2.2.11`
Created configuration file for Openssf scorecard (#4778) Signed-off-by: Abhiyant Gwalani <71189932+abhiyant-10@users.noreply.github.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> 2022-10-19 12:57:45 +05:30			`with:`
			`sarif_file: results.sarif`