mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 17:05:18 +00:00
dbf87cbe62
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.4 to 2.20.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>CodeQL Bundle</h2> <p>Bundles CodeQL CLI v2.13.4</p> <ul> <li>(<a href="https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.13.4">release</a>)</li> </ul> <p>Includes the following CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4"><code>github/codeql@codeql-cli/v2.13.4</code></a>:</p> <ul> <li><code>codeql/cpp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/src">source</a>)</li> <li><code>codeql/cpp-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/lib">source</a>)</li> <li><code>codeql/csharp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/src">source</a>)</li> <li><code>codeql/csharp-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/lib">source</a>)</li> <li><code>codeql/go-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/src">source</a>)</li> <li><code>codeql/go-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/lib">source</a>)</li> <li><code>codeql/java-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/src">source</a>)</li> <li><code>codeql/java-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/lib">source</a>)</li> <li><code>codeql/javascript-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/src">source</a>)</li> <li><code>codeql/javascript-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/lib">source</a>)</li> <li><code>codeql/python-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/src">source</a>)</li> <li><code>codeql/python-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/lib">source</a>)</li> <li><code>codeql/ruby-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/src">source</a>)</li> <li><code>codeql/ruby-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/lib">source</a>)</li> <li><code>codeql/swift-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/src">source</a>)</li> <li><code>codeql/swift-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/lib">source</a>)</li> </ul> <h2>CodeQL Bundle v2.6.0-beta.1</h2> <p>Bundles CodeQL CLI <a href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.6.0-beta.1">v2.6.0-beta.1</a></p> <h3>⚠️ This is a beta release containing a new CodeQL packaging feature. It may not be compatible with existing workflows.</h3> <p>This release contains beta support for <strong>CodeQL packs</strong>. Please read the documentation below for more information:</p> <ul> <li><a href="https://codeql.github.com/docs/codeql-cli/about-codeql-packs">Using CodeQL packs with the CodeQL CLI</a></li> <li><a href="https://docs.github.com/en/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-codeql-query-packs">Using CodeQL packs in Code Scanning on GitHub Actions</a></li> <li><a href="https://docs.github.com/en/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system#downloading-and-using-codeql-query-packs">Using CodeQL packs in Code Scanning on 3rd-party CI systems</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.20.1 - 21 Jun 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.4. <a href="https://redirect.github.com/github/codeql-action/pull/1721">#1721</a></li> <li>Experimental: add a new <code>resolve-environment</code> action which attempts to infer a configuration for the build environment that is required to build a given project. Do not use this in production as it is part of an internal experiment and subject to change at any time.</li> </ul> <h2>2.20.0 - 13 Jun 2023</h2> <ul> <li>Bump the version of the Action to 2.20.0. This ensures that users who received a Dependabot upgrade to <a href="cdcdbb5797"><code>cdcdbb5</code></a>, which was mistakenly marked as Action version 2.13.4, continue to receive updates to the CodeQL Action. Full details in <a href="https://redirect.github.com/github/codeql-action/pull/1729">#1729</a></li> </ul> <h2>2.3.6 - 01 Jun 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.3. <a href="https://redirect.github.com/github/codeql-action/pull/1698">#1698</a></li> </ul> <h2>2.3.5 - 25 May 2023</h2> <ul> <li>Allow invalid URIs to be used as values to <code>artifactLocation.uri</code> properties. This reverses a change from <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a> that inadvertently led to stricter validation of some URI values. <a href="https://redirect.github.com/github/codeql-action/pull/1705">#1705</a></li> <li>Gracefully handle invalid URIs when fingerprinting. <a href="https://redirect.github.com/github/codeql-action/pull/1694">#1694</a></li> </ul> <h2>2.3.4 - 24 May 2023</h2> <ul> <li>Updated the SARIF 2.1.0 JSON schema file to the latest from <a href="123e95847b/Schemata/sarif-schema-2.1.0.json">oasis-tcs/sarif-spec</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a></li> <li>We are rolling out a feature in May 2023 that will disable Python dependency installation for new users of the CodeQL Action. This improves the speed of analysis while having only a very minor impact on results. <a href="https://redirect.github.com/github/codeql-action/pull/1676">#1676</a></li> <li>We are improving the way that <a href="https://github.com/github/codeql-action/releases">CodeQL bundles</a> are tagged to make it possible to easily identify bundles by their CodeQL semantic version. <a href="https://redirect.github.com/github/codeql-action/pull/1682">#1682</a> <ul> <li>As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using semantic versions, for example <code>codeql-bundle-v2.13.4</code>, instead of timestamps, like <code>codeql-bundle-20230615</code>.</li> <li>This change does not affect the majority of workflows, and we will not be changing tags for existing bundle releases.</li> <li>Some workflows with custom logic that depends on the specific format of the CodeQL bundle tag may need to be updated. For example, if your workflow matches CodeQL bundle tag names against a <code>codeql-bundle-yyyymmdd</code> pattern, you should update it to also recognize <code>codeql-bundle-vx.y.z</code> tags.</li> </ul> </li> <li>Remove the requirement for <code>on.push</code> and <code>on.pull_request</code> to trigger on the same branches. <a href="https://redirect.github.com/github/codeql-action/pull/1675">#1675</a></li> </ul> <h2>2.3.3 - 04 May 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.1. <a href="https://redirect.github.com/github/codeql-action/pull/1664">#1664</a></li> <li>You can now configure CodeQL within your code scanning workflow by passing a <code>config</code> input to the <code>init</code> Action. See <a href="https://aka.ms/code-scanning-docs/config-file">Using a custom configuration file</a> for more information about configuring code scanning. <a href="https://redirect.github.com/github/codeql-action/pull/1590">#1590</a></li> </ul> <h2>2.3.2 - 27 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.3.1 - 26 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.3.0 - 21 Apr 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.0. <a href="https://redirect.github.com/github/codeql-action/pull/1649">#1649</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="f6e388ebf0"><code>f6e388e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1736">#1736</a> from github/update-v2.20.1-4385ad556</li> <li><a href="2874247228"><code>2874247</code></a> Update changelog for v2.20.1</li> <li><a href="4385ad5563"><code>4385ad5</code></a> Send <code>job_run_uuid</code> to status report telemetry (<a href="https://redirect.github.com/github/codeql-action/issues/1685">#1685</a>)</li> <li><a href="8ba77ef4d3"><code>8ba77ef</code></a> Bump <code>@octokit/types</code> from 9.0.0 to 10.0.0 (<a href="https://redirect.github.com/github/codeql-action/issues/1734">#1734</a>)</li> <li><a href="82dbde173c"><code>82dbde1</code></a> Fix setup-swift composite action for versions 5.8, 5.8.1 (<a href="https://redirect.github.com/github/codeql-action/issues/1735">#1735</a>)</li> <li><a href="c6dff3470e"><code>c6dff34</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1721">#1721</a> from github/update-bundle/codeql-bundle-v2.13.4</li> <li><a href="3e0c87dc38"><code>3e0c87d</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.13.4</li> <li><a href="de74ca6211"><code>de74ca6</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1732">#1732</a> from github/henrymercer/tolerate-unexpected-processi...</li> <li><a href="d6201b58de"><code>d6201b5</code></a> Improve logging messages</li> <li><a href="0ac18158d1"><code>0ac1815</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1684">#1684</a> from github/mbg/add-resolve-environment</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/v2.2.4...f6e388ebf0efc915c6c5b165b019ee61a6746a38">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
53 lines
1.8 KiB
YAML
53 lines
1.8 KiB
YAML
name: OSSF Scorecard
|
|
on:
|
|
# For Branch-Protection check. Only the default branch is supported. See
|
|
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
|
|
branch_protection_rule:
|
|
# To guarantee Maintained check is occasionally updated. See
|
|
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
|
|
schedule:
|
|
- cron: '20 0 * * 1'
|
|
push:
|
|
branches: [ "main" ]
|
|
|
|
# Declare default permissions as read only.
|
|
permissions: read-all
|
|
|
|
jobs:
|
|
analysis:
|
|
name: Scorecard analysis
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
# Needed to upload the results to code-scanning dashboard.
|
|
security-events: write
|
|
# Needed to publish results and get a badge (see publish_results below).
|
|
id-token: write
|
|
|
|
steps:
|
|
- name: "Checkout code"
|
|
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: "Run analysis"
|
|
uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
|
|
with:
|
|
results_file: results.sarif
|
|
results_format: sarif
|
|
publish_results: true
|
|
|
|
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
|
|
# format to the repository Actions tab.
|
|
- name: "Upload artifact"
|
|
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
|
with:
|
|
name: SARIF file
|
|
path: results.sarif
|
|
retention-days: 5
|
|
|
|
# Upload the results to GitHub's code scanning dashboard.
|
|
- name: "Upload to code-scanning"
|
|
uses: github/codeql-action/upload-sarif@f6e388ebf0efc915c6c5b165b019ee61a6746a38 # v2.20.1
|
|
with:
|
|
sarif_file: results.sarif
|