actions/codecov-action
3
0
Fork 0
mirror of https://github.com/codecov/codecov-action.git synced 2026-02-15 15:31:44 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into dependabot/github_actions/ossf/scorecard-action-1.1.1

Browse source
This commit is contained in:
Mitchell Borrego 2022-06-07 11:47:57 -04:00 committed by GitHub
commit 4e28101c90
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 27 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
.github/workflows/scorecards-analysis.yml vendored
View file

@ -3,7 +3,7 @@ on:
# Only the default branch is supported. # Only the default branch is supported.
branch_protection_rule: branch_protection_rule:
schedule: schedule:
- cron: '36 18 * * 6' - cron: '43 20 * * 1'
push: push:
branches: [ master ] branches: [ master ]
@ -17,12 +17,14 @@ jobs:
permissions: permissions:
# Needed to upload the results to code-scanning dashboard. # Needed to upload the results to code-scanning dashboard.
security-events: write security-events: write
# Used to receive a badge. (Upcoming feature)
id-token: write
actions: read actions: read
contents: read contents: read
steps: steps:
- name: "Checkout code" - name: "Checkout code"
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0 uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0
with: with:
persist-credentials: false persist-credentials: false
@ -31,23 +33,27 @@ jobs:
with: with:
results_file: results.sarif results_file: results.sarif
results_format: sarif results_format: sarif
# Read-only PAT token. To create it, # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
# follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation. # - you want to enable the Branch-Protection check on a *public* repository, or
repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} # - you are installing Scorecards on a *private* repository
# Publish the results to enable scorecard badges. For more details, see # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
# https://github.com/ossf/scorecard-action#publishing-results. # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
# For private repositories, `publish_results` will automatically be set to `false`,
# regardless of the value entered here. # Publish the results for public repositories to enable scorecard badges. For more details, see
# https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories, `publish_results` will automatically be set to `false`, regardless
# of the value entered here.
publish_results: true publish_results: true
# Upload the results as artifacts (optional). # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact" - name: "Upload artifact"
uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1 uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0
with: with:
name: SARIF file name: SARIF file
path: results.sarif path: results.sarif
retention-days: 5 retention-days: 5
# Upload the results to GitHub's code scanning dashboard. # Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning" - name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26 uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26

14
package-lock.json generated
View file

@ -26,7 +26,7 @@
"jest": "^26.6.3", "jest": "^26.6.3",
"jest-junit": "^13.2.0", "jest-junit": "^13.2.0",
"ts-jest": "^26.5.6", "ts-jest": "^26.5.6",
"typescript": "^4.6.4" "typescript": "^4.7.3"
} }
}, },
"node_modules/@actions/core": { "node_modules/@actions/core": {
@ -7362,9 +7362,9 @@
} }
}, },
"node_modules/typescript": { "node_modules/typescript": {
"version": "4.6.4", "version": "4.7.3",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.4.tgz", "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.7.3.tgz",
"integrity": "sha512-9ia/jWHIEbo49HfjrLGfKbZSuWo9iTMwXO+Ca3pRsSpbsMbc7/IU8NKdCZVRRBafVPGnoJeFL76ZOAA84I9fEg==", "integrity": "sha512-WOkT3XYvrpXx4vMMqlD+8R8R37fZkjyLGlxavMc4iB8lrl8L0DeTcHbYgw/v0N/z9wAFsgBhcsF0ruoySS22mA==",
"dev": true, "dev": true,
"bin": { "bin": {
"tsc": "bin/tsc", "tsc": "bin/tsc",
@ -13465,9 +13465,9 @@
} }
}, },
"typescript": { "typescript": {
"version": "4.6.4", "version": "4.7.3",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.4.tgz", "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.7.3.tgz",
"integrity": "sha512-9ia/jWHIEbo49HfjrLGfKbZSuWo9iTMwXO+Ca3pRsSpbsMbc7/IU8NKdCZVRRBafVPGnoJeFL76ZOAA84I9fEg==", "integrity": "sha512-WOkT3XYvrpXx4vMMqlD+8R8R37fZkjyLGlxavMc4iB8lrl8L0DeTcHbYgw/v0N/z9wAFsgBhcsF0ruoySS22mA==",
"dev": true "dev": true
}, },
"union-value": { "union-value": {

2
package.json
View file

@ -40,6 +40,6 @@
"jest": "^26.6.3", "jest": "^26.6.3",
"jest-junit": "^13.2.0", "jest-junit": "^13.2.0",
"ts-jest": "^26.5.6", "ts-jest": "^26.5.6",
"typescript": "^4.6.4" "typescript": "^4.7.3"
} }
} }