github/slsa-verifier
1
0
Fork 0
mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-06 16:46:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

update (#170)

Browse Source
This commit is contained in:
laurentsimon
2022-07-25 13:14:00 -07:00
committed by GitHub
parent ad90b50548
commit 05def419b2
4 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/codeql-analysis.yml vendored
View File

@@ -40,11 +40,11 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.1.2
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 # tag=v2
uses: github/codeql-action/init@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 # tag=v2.1.2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -55,7 +55,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 # tag=v2
uses: github/codeql-action/autobuild@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 # tag=v2.1.2
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 # tag=v2
uses: github/codeql-action/analyze@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 # tag=v2.1.2

4
.github/workflows/depsreview.yml vendored
View File

@@ -9,6 +9,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.1.2
- name: 'Dependency Review'
uses: actions/dependency-review-action@94145f3150bfabdc97540cbd5f7e926306ea7744 # tag=v2
uses: actions/dependency-review-action@94145f3150bfabdc97540cbd5f7e926306ea7744 # tag=v2.1.2

4
.github/workflows/pre-submit.yml vendored
View File

@@ -8,10 +8,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.1.2
- name: setup-go
uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # tag=v3
uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # tag=v3.1.2
with:
go-version: '1.18'

8
.github/workflows/scorecards.yml vendored
View File

@@ -25,12 +25,12 @@ jobs:
steps:
- name: "Checkout code"
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.1.2
with:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@ccd0038c79bb718836dc19c8ea53ed89f1d7ca4d # tag=v1
uses: ossf/scorecard-action@ccd0038c79bb718836dc19c8ea53ed89f1d7ca4d # tag=v1.1.2
with:
results_file: results.sarif
results_format: sarif
@@ -49,7 +49,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.2
with:
name: SARIF file
path: results.sarif
@@ -57,6 +57,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@ea8fb214deac1ec94ec737510133addb560d0f22 # tag=v1
uses: github/codeql-action/upload-sarif@ea8fb214deac1ec94ec737510133addb560d0f22 # tag=v1.1.2
with:
sarif_file: results.sarif