Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

setup OSSF Scorecard workflow #2096

Merged
merged 1 commit into from
Jan 7, 2024
Merged

setup OSSF Scorecard workflow #2096

merged 1 commit into from
Jan 7, 2024

Conversation

mmorel-35
Copy link
Contributor

@mmorel-35 mmorel-35 commented Jan 7, 2024
edited
Loading

Which problem is this PR solving?

  • Improve OSSF Score

Description of the changes

  • setup OSSF Scorecard workflow
  • Pin github Actions versions
  • set permissions on workflows

How was this change tested?

  • CI

Checklist

@mmorel-35 mmorel-35 requested a review from a team as a code owner January 7, 2024 20:32
@mmorel-35 mmorel-35 requested review from pavolloffay and removed request for a team January 7, 2024 20:32
@codecov Codecov
Copy link

codecov bot commented Jan 7, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (039d8d6) 96.57% compared to head (cf3f857) 96.57%.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #2096   +/-   ##
=======================================
  Coverage   96.57%   96.57%           
=======================================
  Files         254      254           
  Lines        7620     7620           
  Branches     1986     1986           
=======================================
  Hits         7359     7359           
  Misses        261      261

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@mmorel-35
setup OSSF Scorecard workflow
cf3f857 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
@yurishkuro yurishkuro added the changelog:ci Change related to continuous integration / testing label Jan 7, 2024
@yurishkuro yurishkuro merged commit a6fb582 into jaegertracing:main Jan 7, 2024
10 of 11 checks passed
yurishkuro
yurishkuro reviewed Jan 7, 2024
View reviewed changes
.github/workflows/scorecard.yml
@@ -0,0 +1,56 @@
name: Scorecard supply-chain security

on:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would also suggest manual dispatch as an option

@mmorel-35 mmorel-35 deleted the ossf branch January 7, 2024 21:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yurishkuro yurishkuro yurishkuro approved these changes

@pavolloffay pavolloffay Awaiting requested review from pavolloffay pavolloffay is a code owner automatically assigned from jaegertracing/jaeger-maintainers

Assignees
No one assigned
Labels
changelog:ci Change related to continuous integration / testing
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mmorel-35 @yurishkuro