taiars/nora
1
0
Fork 0
mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 10:20:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: add repo_token and permissions to scorecard workflow

Browse Source
This commit is contained in:
devitway
2026-03-19 10:35:57 +00:00
parent 7f7e3e4986
commit 4ec963d41c
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.github/workflows/scorecard.yml vendored
View File

@@ -4,7 +4,7 @@ on:
push: push:
branches: [main] branches: [main]
schedule: schedule:
- cron: '0 6 * * 1' # every Monday at 06:00 UTC - cron: '0 6 * * 1'
permissions: read-all permissions: read-all
@@ -15,20 +15,21 @@ jobs:
permissions: permissions:
security-events: write security-events: write
id-token: write id-token: write
contents: read
actions: read
steps: steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with: with:
persist-credentials: false persist-credentials: false
# Note: scorecard-action is a Docker-based action that resolves by tag only,
# SHA pinning causes resolution failures. Using tag per ossf recommendation.
- name: Run OpenSSF Scorecard - name: Run OpenSSF Scorecard
uses: ossf/scorecard-action@v2.4.3 uses: ossf/scorecard-action@v2.4.3
with: with:
results_file: results.sarif results_file: results.sarif
results_format: sarif results_format: sarif
publish_results: true publish_results: true
repo_token: ${{ secrets.SCORECARD_TOKEN || secrets.GITHUB_TOKEN }}
- name: Upload Scorecard results to GitHub Security tab - name: Upload Scorecard results to GitHub Security tab
uses: github/codeql-action/upload-sarif@a60c4df7a135c7317c1e9ddf9b5a9b07a910dda9 # v4 uses: github/codeql-action/upload-sarif@a60c4df7a135c7317c1e9ddf9b5a9b07a910dda9 # v4