Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitb144728

Browse files
ci: apply OSSF Scorecard security best practices (#300)
Co-authored-by: Ulises Gascón <ulisesgascongonzalez@gmail.com>Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>
1 parent68c2d21 commitb144728

File tree

3 files changed

+99
-3
lines changed

3 files changed

+99
-3
lines changed

‎.github/dependabot.yml‎

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
version:2
2+
updates:
3+
-package-ecosystem:github-actions
4+
directory:/
5+
schedule:
6+
interval:monthly
7+
8+
-package-ecosystem:npm
9+
directory:/
10+
schedule:
11+
interval:monthly
12+
open-pull-requests-limit:10
13+
ignore:
14+
-dependency-name:"*"
15+
update-types:["version-update:semver-major"]

‎.github/workflows/ci.yml‎

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,8 +4,14 @@ on:
44
-pull_request
55
-push
66

7+
permissions:
8+
contents:read
9+
710
jobs:
811
test:
12+
permissions:
13+
checks:write# for coverallsapp/github-action to create new checks
14+
contents:read# for actions/checkout to fetch code
915
runs-on:ubuntu-latest
1016
strategy:
1117
matrix:
@@ -130,7 +136,7 @@ jobs:
130136
node-version:"22.0"
131137

132138
steps:
133-
-uses:actions/checkout@v4
139+
-uses:actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683# v4.2.2
134140

135141
-name:Install Node.js ${{ matrix.node-version }}
136142
shell:bash -eo pipefail -l {0}
@@ -203,19 +209,21 @@ jobs:
203209
run:npm run lint
204210

205211
-name:Collect code coverage
206-
uses:coverallsapp/github-action@master
212+
uses:coverallsapp/github-action@09b709cf6a16e30b0808ba050c7a6e8a5ef13f8d#master
207213
if:steps.list_env.outputs.nyc != ''
208214
with:
209215
github-token:${{ secrets.GITHUB_TOKEN }}
210216
flag-name:run-${{ matrix.test_number }}
211217
parallel:true
212218

213219
coverage:
220+
permissions:
221+
checks:write# for coverallsapp/github-action to create new checks
214222
needs:test
215223
runs-on:ubuntu-latest
216224
steps:
217225
-name:Upload code coverage
218-
uses:coverallsapp/github-action@master
226+
uses:coverallsapp/github-action@09b709cf6a16e30b0808ba050c7a6e8a5ef13f8d#master
219227
with:
220228
github-token:${{ secrets.GITHUB_TOKEN }}
221229
parallel-finished:true

‎.github/workflows/codeql.yml‎

Lines changed: 73 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,73 @@
1+
# For most projects, this workflow file will not need changing; you simply need
2+
# to commit it to your repository.
3+
#
4+
# You may wish to alter this file to override the set of languages analyzed,
5+
# or to provide custom queries or build logic.
6+
#
7+
# ******** NOTE ********
8+
# We have attempted to detect the languages in your repository. Please check
9+
# the `language` matrix defined below to confirm you have the correct set of
10+
# supported CodeQL languages.
11+
#
12+
name:"CodeQL"
13+
14+
on:
15+
push:
16+
branches:["master"]
17+
pull_request:
18+
# The branches below must be a subset of the branches above
19+
branches:["master"]
20+
schedule:
21+
-cron:"0 0 * * 1"
22+
23+
permissions:
24+
contents:read
25+
26+
jobs:
27+
analyze:
28+
name:Analyze
29+
runs-on:ubuntu-latest
30+
permissions:
31+
actions:read
32+
contents:read
33+
security-events:write
34+
35+
strategy:
36+
fail-fast:false
37+
matrix:
38+
language:["javascript"]
39+
# CodeQL supports [ $supported-codeql-languages ]
40+
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
41+
42+
steps:
43+
-name:Checkout repository
44+
uses:actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683# v4.2.2
45+
46+
# Initializes the CodeQL tools for scanning.
47+
-name:Initialize CodeQL
48+
uses:github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f# v3.28.18
49+
with:
50+
languages:${{ matrix.language }}
51+
# If you wish to specify custom queries, you can do so here or in a config file.
52+
# By default, queries listed here will override any specified in a config file.
53+
# Prefix the list here with "+" to use these queries and those in the config file.
54+
55+
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
56+
# If this step fails, then you should remove it and run the build manually (see below)
57+
-name:Autobuild
58+
uses:github/codeql-action/autobuild@ff0a06e83cb2de871e5a09832bc6a81e7276941f# v3.28.18
59+
60+
# ℹ️ Command-line programs to run using the OS shell.
61+
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
62+
63+
# If the Autobuild fails above, remove it and uncomment the following three lines.
64+
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
65+
66+
# - run: |
67+
# echo "Run, Build Application using script"
68+
# ./location_of_script_within_repo/buildscript.sh
69+
70+
-name:Perform CodeQL Analysis
71+
uses:github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f# v3.28.18
72+
with:
73+
category:"/language:${{matrix.language}}"

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp