Skip to content

Bump the github-actions group across 1 directory with 5 updates #1613

Bump the github-actions group across 1 directory with 5 updates

Bump the github-actions group across 1 directory with 5 updates #1613

Workflow file for this run

---
name: "sast"
on:
pull_request:
branches:
- "main"
push:
branches:
- "main"
schedule:
- cron: "19 19 * * 4"
permissions: "read-all"
jobs:
ossf:
runs-on: "ubuntu-latest"
# ossf scorecard only supported on main branch
if: github.event_name != 'pull_request'
permissions:
security-events: "write"
id-token: "write"
contents: "read"
actions: "read"
steps:
- uses: "actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0"
with:
persist-credentials: false
- uses: "ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a"
with:
results_file: "results.sarif"
results_format: "sarif"
publish_results: true
- uses: "actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a"
with:
name: "SARIF file"
path: "results.sarif"
retention-days: 5
- uses: "github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e"
with:
sarif_file: "results.sarif"
codeql:
runs-on: "ubuntu-latest"
permissions:
actions: read
contents: read
security-events: write
steps:
- uses: "actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0"
- uses: "github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e"
with:
languages: "typescript"
- uses: "pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271"
with:
version: "latest"
- uses: "actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e"
with:
node-version-file: ".nvmrc"
cache: "pnpm"
- run: "make install"
- uses: "github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e"