This is an automated email from the ASF dual-hosted git repository. ggregory pushed a commit to branch 1.x in repository https://gitbox.apache.org/repos/asf/commons-fileupload.git
The following commit(s) were added to refs/heads/1.x by this push: new 5a098705 Drop scorecards from 1.x 5a098705 is described below commit 5a0987051f82d70fdcbed4f28156698d4a1d0e8b Author: Gary Gregory <garydgreg...@gmail.com> AuthorDate: Mon May 20 08:19:39 2024 -0400 Drop scorecards from 1.x --- .github/workflows/scorecards-analysis.yml | 69 ------------------------------- 1 file changed, 69 deletions(-) diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml deleted file mode 100644 index b2357e69..00000000 --- a/.github/workflows/scorecards-analysis.yml +++ /dev/null @@ -1,69 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache license, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the license for the specific language governing permissions and -# limitations under the license. - -name: "Scorecards supply-chain security" - -on: - branch_protection_rule: - schedule: - - cron: "30 1 * * 6" # Weekly on Saturdays - push: - branches: [ "1.x" ] - -permissions: read-all - -jobs: - - analysis: - - name: "Scorecards analysis" - runs-on: ubuntu-latest - permissions: - # Needed to upload the results to the code-scanning dashboard. - security-events: write - actions: read - id-token: write # This is required for requesting the JWT - contents: read # This is required for actions/checkout - - steps: - - - name: "Checkout code" - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - with: - persist-credentials: false - - - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # 2.3.3 - with: - results_file: results.sarif - results_format: sarif - # A read-only PAT token, which is sufficient for the action to function. - # The relevant discussion: https://github.com/ossf/scorecard-action/issues/188 - repo_token: ${{ secrets.GITHUB_TOKEN }} - # Publish the results for public repositories to enable scorecard badges. - # For more details: https://github.com/ossf/scorecard-action#publishing-results - publish_results: true - - - name: "Upload artifact" - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # 4.3.3 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # 3.25.5 - with: - sarif_file: results.sarif