mirror of synced 2026-07-01 15:40:49 +00:00
flux2/.github/workflows/ossf.yaml
dependabot[bot] 8d7e56c493 build(deps): bump the ci group with 10 updates
Bumps the ci group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.3` | `7.0.0` |
| [actions/setup-go](https://github.com/actions/setup-go) | `6.0.0` | `6.5.0` |
| [fluxcd/gha-workflows/.github/workflows/backport.yaml](https://github.com/fluxcd/gha-workflows) | `0.11.0` | `0.12.0` |
| [fluxcd/pkg/actions/kustomize](https://github.com/fluxcd/pkg) | `1.33.0` | `1.36.0` |
| [fluxcd/pkg/actions/yq](https://github.com/fluxcd/pkg) | `1.33.0` | `1.36.0` |
| [fluxcd/pkg/actions/crdjsonschema](https://github.com/fluxcd/pkg) | `1.33.0` | `1.36.0` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `7.2.2` | `7.2.3` |
| [fluxcd/gha-workflows/.github/workflows/code-scan.yaml](https://github.com/fluxcd/gha-workflows) | `0.11.0` | `0.12.0` |
| [fluxcd/gha-workflows/.github/workflows/labels-sync.yaml](https://github.com/fluxcd/gha-workflows) | `0.11.0` | `0.12.0` |
| [fluxcd/gha-workflows/.github/workflows/upgrade-fluxcd-pkg.yaml](https://github.com/fluxcd/gha-workflows) | `0.11.0` | `0.12.0` |


Updates `actions/checkout` from 6.0.3 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/df4cb1c069e1874edd31b4311f1884172cec0e10...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0)

Updates `actions/setup-go` from 6.0.0 to 6.5.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v6...924ae3a1cded613372ab5595356fb5720e22ba16)

Updates `fluxcd/gha-workflows/.github/workflows/backport.yaml` from 0.11.0 to 0.12.0
- [Release notes](https://github.com/fluxcd/gha-workflows/releases)
- [Commits](https://github.com/fluxcd/gha-workflows/compare/v0.11.0...v0.12.0)

Updates `fluxcd/pkg/actions/kustomize` from 1.33.0 to 1.36.0
- [Commits](https://github.com/fluxcd/pkg/compare/5a7f3ce0de742b6c561a50f90940d81cf6fc698d...b98e2b0975e0863f32790229ce7c9f097ed67706)

Updates `fluxcd/pkg/actions/yq` from 1.33.0 to 1.36.0
- [Commits](https://github.com/fluxcd/pkg/compare/5a7f3ce0de742b6c561a50f90940d81cf6fc698d...b98e2b0975e0863f32790229ce7c9f097ed67706)

Updates `fluxcd/pkg/actions/crdjsonschema` from 1.33.0 to 1.36.0
- [Commits](https://github.com/fluxcd/pkg/compare/5a7f3ce0de742b6c561a50f90940d81cf6fc698d...b98e2b0975e0863f32790229ce7c9f097ed67706)

Updates `goreleaser/goreleaser-action` from 7.2.2 to 7.2.3
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/5daf1e915a5f0af01ddbcd89a43b8061ff4f1a89...f06c13b6b1a9625abc9e6e439d9c05a8f2190e94)

Updates `fluxcd/gha-workflows/.github/workflows/code-scan.yaml` from 0.11.0 to 0.12.0
- [Release notes](https://github.com/fluxcd/gha-workflows/releases)
- [Commits](https://github.com/fluxcd/gha-workflows/compare/v0.11.0...v0.12.0)

Updates `fluxcd/gha-workflows/.github/workflows/labels-sync.yaml` from 0.11.0 to 0.12.0
- [Release notes](https://github.com/fluxcd/gha-workflows/releases)
- [Commits](https://github.com/fluxcd/gha-workflows/compare/v0.11.0...v0.12.0)

Updates `fluxcd/gha-workflows/.github/workflows/upgrade-fluxcd-pkg.yaml` from 0.11.0 to 0.12.0
- [Release notes](https://github.com/fluxcd/gha-workflows/releases)
- [Commits](https://github.com/fluxcd/gha-workflows/compare/v0.11.0...v0.12.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ci
- dependency-name: actions/setup-go
  dependency-version: 6.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: fluxcd/gha-workflows/.github/workflows/backport.yaml
  dependency-version: 0.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: fluxcd/pkg/actions/kustomize
  dependency-version: 1.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: fluxcd/pkg/actions/yq
  dependency-version: 1.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: fluxcd/pkg/actions/crdjsonschema
  dependency-version: 1.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: goreleaser/goreleaser-action
  dependency-version: 7.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci
- dependency-name: fluxcd/gha-workflows/.github/workflows/code-scan.yaml
  dependency-version: 0.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: fluxcd/gha-workflows/.github/workflows/labels-sync.yaml
  dependency-version: 0.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: fluxcd/gha-workflows/.github/workflows/upgrade-fluxcd-pkg.yaml
  dependency-version: 0.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-01 00:56:22 +00:00

40 lines
1.1 KiB
YAML

```yaml
name: ossf

on:
  workflow_dispatch:
  push:
    branches:
      - main
  schedule:
    # Weekly on Saturdays.
    - cron: '30 1 * * 6'

permissions: read-all

jobs:
  scorecard:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      id-token: write
      actions: read
      contents: read
    steps:
      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
      - name: Run analysis
        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
        with:
          results_file: results.sarif
          results_format: sarif
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          publish_results: true
      - name: Upload artifact
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5
      - name: Upload SARIF results
        uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
        with:
          sarif_file: results.sarif
```