Skip to content

Bump the github-actions group across 1 directory with 4 updates #1550

Bump the github-actions group across 1 directory with 4 updates

Bump the github-actions group across 1 directory with 4 updates #1550

Workflow file for this run

---
name: "sast"
on:
pull_request:
branches:
- "main"
push:
branches:
- "main"
schedule:
- cron: "19 19 * * 4"
permissions: "read-all"
jobs:
ossf:
runs-on: "ubuntu-latest"
# ossf scorecard only supported on main branch
if: github.event_name != 'pull_request'
permissions:
security-events: "write"
id-token: "write"
contents: "read"
actions: "read"
steps:
- uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd"
with:
persist-credentials: false
- uses: "ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a"
with:
results_file: "results.sarif"
results_format: "sarif"
publish_results: true
- uses: "actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f"
with:
name: "SARIF file"
path: "results.sarif"
retention-days: 5
- uses: "github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30"
with:
sarif_file: "results.sarif"
codeql:
runs-on: "ubuntu-latest"
permissions:
actions: read
contents: read
security-events: write
steps:
- uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd"
- uses: "github/codeql-action/init@b20883b0cd1f46c72ae0ba6d1090936928f9fa30"
with:
languages: "typescript"
- uses: "pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061"
with:
version: "latest"
- uses: "actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238"
with:
node-version-file: ".nvmrc"
cache: "pnpm"
- run: "make install"
- uses: "github/codeql-action/analyze@b20883b0cd1f46c72ae0ba6d1090936928f9fa30"