Inicio Explorar Ayuda
Iniciar sesión
bytecodealliance
/
wasm-micro-runtime
espejo de https://github-proxy.rt-thread.io/bytecodealliance/wasm-micro-runtime.git
2
0
Fork 0
Archivos Incidencias 0 Wiki
Rama: copilot/debug-aot-on-jit
Ramas Etiquetas
wasm-micro-runt...
/
.github
/
workflows
/
supply_chain.yml

supply_chain.yml 2.4 KB
Permalink Histórico Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465 
  1. # This workflow uses actions that are not certified by GitHub. They are provided
    2. 

  2. # by a third-party and are governed by separate terms of service, privacy
    3. 

  3. # policy, and support documentation.
    4. 

  4. 

  5. # Check current WASM Micro Runtime results here: https://securityscorecards.dev/viewer/?uri=github.com/bytecodealliance/wasm-micro-runtime
    6. 

  6. 

  7. name: Scorecard supply-chain security
    8. 

  8. on:
    9. 

  9.   # For Branch-Protection check. Only the default branch is supported. See
    10. 

  10.   # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
    11. 

  11.   branch_protection_rule:
    12. 

  12.   # To guarantee Maintained check is occasionally updated. See
    13. 

  13.   # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
    14. 

  14.   # midnight UTC
    15. 

  15.   schedule:
    16. 

  16.     - cron: "0 0 * * *"
    17. 

  17.   # allow to be triggered manually
    18. 

  18.   workflow_dispatch:
    19. 

  19. 

  20. # Declare default permissions as read only.
    21. 

  21. permissions:
    22. 

  22.   contents: read
    23. 

  23. 

  24. jobs:
    25. 

  25.   analysis:
    26. 

  26.     name: Scorecard analysis
    27. 

  27.     runs-on: ubuntu-latest
    28. 

  28.     if: github.repository == 'bytecodealliance/wasm-micro-runtime'
    29. 

  29.     permissions:
    30. 

  30.       # Needed to upload the results to code-scanning dashboard.
    31. 

  31.       security-events: write
    32. 

  32.       # Needed to publish results and get a badge (see publish_results below).
    33. 

  33.       id-token: write      
    34. 

  34. 

  35.     steps:
    36. 

  36.       - name: "Checkout code"
    37. 

  37.         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v3.1.0
    38. 

  38.         with:
    39. 

  39.           persist-credentials: false
    40. 

  40. 

  41.       - name: "Run analysis"
    42. 

  42.         uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
    43. 

  43.         with:
    44. 

  44.           results_file: results.sarif
    45. 

  45.           results_format: sarif
    46. 

  46. 

  47.           #   - Publish results to OpenSSF REST API for easy access by consumers
    48. 

  48.           #   - Allows the repository to include the Scorecard badge.
    49. 

  49.           #   - See https://github.com/ossf/scorecard-action#publishing-results.      
    50. 

  50.           publish_results: true
    51. 

  51. 

  52.       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
    53. 

  53.       # format to the repository Actions tab.
    54. 

  54.       - name: "Upload artifact"
    55. 

  55.         uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v3.1.0
    56. 

  56.         with:
    57. 

  57.           name: SARIF file
    58. 

  58.           path: results.sarif
    59. 

  59.           retention-days: 5
    60. 

  60. 

  61.       # Upload the results to GitHub's code scanning dashboard.
    62. 

  62.       - name: "Upload to code-scanning"
    63. 

  63.         uses: github/codeql-action/upload-sarif@4b675e451b3779918647db783e324bd9fd7f3932 
    64. 

  64.         with:
    65. 

  65.           sarif_file: results.sarif
    66.