

# Copyright (c) the JPEG XL Project Authors. All rights reserved.
#
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file

# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.
#
# Runs the OpenSSF Scorecard against this repository and uploads the SARIF
# report to GitHub code scanning (and, with publish_results, to the OpenSSF
# results API). Every third-party action below is pinned to a full commit SHA
# so that a moved or re-pointed tag cannot swap in different code; the
# trailing "# vX.Y.Z" is a human-readable hint only and is not verified by
# GitHub, so keep it in sync when bumping a pin.

name: Scorecard supply-chain security
on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:
  # To guarantee Maintained check is occasionally updated. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
  schedule:
    - cron: '13 2 * * 3'
  push:
    branches: [ "main" ]

# Declare default permissions as read only.
# This is the workflow-wide default for the GITHUB_TOKEN. The job below
# declares its own `permissions` block, which replaces this default for that
# job rather than adding to it.
permissions: read-all

jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    # A job-level `permissions` block is a complete list: any scope not named
    # here is `none` for this job, regardless of the workflow-level read-all.
    # `contents: read` is not needed to check out a public repository; for a
    # private one, upstream's template adds `contents: read` and `actions: read`.
    permissions:
      # Needed to upload the results to code-scanning dashboard.
      security-events: write
      # Needed to publish results and get a badge (see publish_results below).
      # This is what lets the job request an OIDC token for the publish step.
      id-token: write

    steps:
      # Egress monitoring for the runner. `audit` only records outbound
      # connections; it does not block any. Once the audit log shows the set
      # of hosts this job actually needs, switch to `egress-policy: block`
      # with an `allowed-endpoints` list so a compromised action cannot reach
      # arbitrary hosts from this job.
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
        with:
          egress-policy: audit

      - name: "Checkout code"
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          # Do not write the job's GITHUB_TOKEN into .git/config, where any
          # later step (including the third-party actions below) could read
          # it. Nothing in this job pushes, so the credential is not needed.
          persist-credentials: false

      - name: "Run analysis"
        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
        with:
          results_file: results.sarif
          results_format: sarif
          # Fine-grained PAT stored in the SCORECARD_TOKEN repository secret.
          # It is only required for the Branch-Protection check on a *public*
          # repository (upstream's template ships this line commented out; it
          # is enabled here). Create it following
          # https://github.com/ossf/scorecard-action#authentication-with-fine-grained-pat-optional
          # and grant it only the read-only scope that guide asks for -- never a
          # classic PAT with write scopes, since it is handed to a third-party
          # action. NOTE(review): in a fork where the secret is not defined,
          # this expands to an empty string; confirm the action then falls back
          # to GITHUB_TOKEN rather than failing the run.
          repo_token: ${{ secrets.SCORECARD_TOKEN }}

          # - Publish results to OpenSSF REST API for easy access by consumers
          # - Allows the repository to include the Scorecard badge.
          # - See https://github.com/ossf/scorecard-action#publishing-results.
          # Publishing relies on the `id-token: write` permission above; the
          # report then becomes retrievable from the Scorecard API.
          publish_results: true

      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5

      # Upload the results to GitHub's code scanning dashboard.
      # Requires the `security-events: write` permission declared on the job.
      - name: "Upload to code-scanning"
        uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3
        with:
          sarif_file: results.sarif