This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch POOL_2_X
in repository https://gitbox.apache.org/repos/asf/commons-pool.git
The following commit(s) were added to refs/heads/POOL_2_X by this push:
new ef93c90c Scorecard Only default branch is supported
ef93c90c is described below
commit ef93c90cc3fa6ab0b5cb83d44f2b29b0ff076d9b
Author: Gary Gregory <garydgreg...@gmail.com>
AuthorDate: Mon Nov 4 19:51:18 2024 -0500
Scorecard Only default branch is supported
---
.github/workflows/scorecards-analysis.yml | 69 -------------------------------
1 file changed, 69 deletions(-)
diff --git a/.github/workflows/scorecards-analysis.yml
b/.github/workflows/scorecards-analysis.yml
deleted file mode 100644
index eba354fe..00000000
--- a/.github/workflows/scorecards-analysis.yml
+++ /dev/null
@@ -1,69 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache license, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the license for the specific language governing permissions and
-# limitations under the license.
-
-name: "Scorecards supply-chain security"
-
-on:
- branch_protection_rule:
- schedule:
- - cron: "30 1 * * 6" # Weekly on Saturdays
- push:
- branches: [ "master" ]
-
-permissions: read-all
-
-jobs:
-
- analysis:
-
- name: "Scorecards analysis"
- runs-on: ubuntu-latest
- permissions:
- # Needed to upload the results to the code-scanning dashboard.
- security-events: write
- actions: read
- id-token: write # This is required for requesting the JWT
- contents: read # This is required for actions/checkout
-
- steps:
-
- - name: "Checkout code"
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 #
v3.5.3
- with:
- persist-credentials: false
-
- - name: "Run analysis"
- uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031
# 2.2.0
- with:
- results_file: results.sarif
- results_format: sarif
- # A read-only PAT token, which is sufficient for the action to
function.
- # The relevant discussion:
https://github.com/ossf/scorecard-action/issues/188
- repo_token: ${{ secrets.GITHUB_TOKEN }}
- # Publish the results for public repositories to enable scorecard
badges.
- # For more details:
https://github.com/ossf/scorecard-action#publishing-results
- publish_results: true
-
- - name: "Upload artifact"
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
# 3.1.0
- with:
- name: SARIF file
- path: results.sarif
- retention-days: 5
-
- - name: "Upload to code-scanning"
- uses:
github/codeql-action/upload-sarif@46ed16ded91731b2df79a2893d3aea8e9f03b5c4 #
2.20.3
- with:
- sarif_file: results.sarif
