Skip to content

Bump the github-actions group across 1 directory with 3 updates #1606

Bump the github-actions group across 1 directory with 3 updates

Bump the github-actions group across 1 directory with 3 updates #1606

Workflow file for this run

---
name: "sast"
on:
pull_request:
branches:
- "main"
push:
branches:
- "main"
schedule:
- cron: "19 19 * * 4"
permissions: "read-all"
jobs:
ossf:
runs-on: "ubuntu-latest"
# ossf scorecard only supported on main branch
if: github.event_name != 'pull_request'
permissions:
security-events: "write"
id-token: "write"
contents: "read"
actions: "read"
steps:
- uses: "actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10"
with:
persist-credentials: false
- uses: "ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a"
with:
results_file: "results.sarif"
results_format: "sarif"
publish_results: true
- uses: "actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a"
with:
name: "SARIF file"
path: "results.sarif"
retention-days: 5
- uses: "github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463"
with:
sarif_file: "results.sarif"
codeql:
runs-on: "ubuntu-latest"
permissions:
actions: read
contents: read
security-events: write
steps:
- uses: "actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10"
- uses: "github/codeql-action/init@87557b9c84dde89fdd9b10e88954ac2f4248e463"
with:
languages: "typescript"
- uses: "pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093"
with:
version: "latest"
- uses: "actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e"
with:
node-version-file: ".nvmrc"
cache: "pnpm"
- run: "make install"
- uses: "github/codeql-action/analyze@87557b9c84dde89fdd9b10e88954ac2f4248e463"