mirror of
https://github.com/Fdawgs/node-poppler.git
synced 2026-07-02 00:17:43 +08:00
ci: add ossf scorecard workflow (#807)
This commit is contained in:
@@ -0,0 +1,45 @@
|
|||||||
|
name: OSSF Scorecard Analysis
|
||||||
|
|
||||||
|
# **What it does**: Runs OSSF Scorecard analysis on the repository and uploads the results.
|
||||||
|
# **Why we have it**: Security scanning.
|
||||||
|
|
||||||
|
on:
|
||||||
|
branch_protection_rule:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
paths-ignore:
|
||||||
|
- "docs/**"
|
||||||
|
- "*.md"
|
||||||
|
schedule:
|
||||||
|
# ┌───────────── minute (0 - 59)
|
||||||
|
# │ ┌───────────── hour (0 - 23)
|
||||||
|
# │ │ ┌───────────── day of the month (1 - 31)
|
||||||
|
# │ │ │ ┌───────────── month (1 - 12 or JAN-DEC)
|
||||||
|
# │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
|
||||||
|
# │ │ │ │ │
|
||||||
|
# │ │ │ │ │
|
||||||
|
# │ │ │ │ │
|
||||||
|
# * * * * *
|
||||||
|
- cron: "21 17 * * 0"
|
||||||
|
# Allows this workflow to be run manually from the Actions tab
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
# This allows a subsequently queued workflow run to interrupt previous runs
|
||||||
|
concurrency:
|
||||||
|
group: "${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }}"
|
||||||
|
cancel-in-progress: true
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
analysis:
|
||||||
|
name: OSSF Scorecard Analysis
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
id-token: write
|
||||||
|
security-events: write
|
||||||
|
uses: fdawgs/workflows/.github/workflows/reusable-ossf-scorecard.yml@15c09545397588f9a2ac47db6c6269520ebc983a # v2.2.0
|
||||||
|
with:
|
||||||
|
publish_results: true
|
||||||
@@ -5,6 +5,7 @@
|
|||||||
[](https://github.com/Fdawgs/node-poppler/actions/workflows/ci.yml)
|
[](https://github.com/Fdawgs/node-poppler/actions/workflows/ci.yml)
|
||||||
[](https://coveralls.io/github/Fdawgs/node-poppler?branch=main)
|
[](https://coveralls.io/github/Fdawgs/node-poppler?branch=main)
|
||||||
[](https://github.com/prettier/prettier)
|
[](https://github.com/prettier/prettier)
|
||||||
|
[](https://scorecard.dev/viewer/?uri=github.com/Fdawgs/node-poppler)
|
||||||
|
|
||||||
> Asynchronous Node.js wrapper for the Poppler PDF rendering utilities
|
> Asynchronous Node.js wrapper for the Poppler PDF rendering utilities
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user