mirror of
https://github.com/mattermost/mattermost.git
synced 2026-05-28 04:35:04 -04:00
56953189f3
Some checks failed
API / build (push) Has been cancelled
Opensearch Docker Image / build-image (push) Has been cancelled
BuildEnv Docker Image / build-image (push) Has been cancelled
BuildEnv Docker Image / build-image-fips (push) Has been cancelled
Server CI / Compute Go Version (push) Has been cancelled
Web App CI / check-lint (push) Has been cancelled
Server CI / Check mocks (push) Has been cancelled
Server CI / Check go mod tidy (push) Has been cancelled
Server CI / check-style (push) Has been cancelled
Server CI / Check serialization methods for hot structs (push) Has been cancelled
Server CI / Vet API (push) Has been cancelled
Server CI / Check migration files (push) Has been cancelled
Server CI / Generate email templates (push) Has been cancelled
Server CI / Check store layers (push) Has been cancelled
Server CI / Check mmctl docs (push) Has been cancelled
Server CI / Postgres with binary parameters (push) Has been cancelled
Server CI / Postgres (push) Has been cancelled
Server CI / Postgres (FIPS) (push) Has been cancelled
Server CI / Generate Test Coverage (push) Has been cancelled
Server CI / Run mmctl tests (push) Has been cancelled
Server CI / Run mmctl tests (FIPS) (push) Has been cancelled
Server CI / Build mattermost server app (push) Has been cancelled
Web App CI / check-i18n (push) Has been cancelled
Web App CI / check-types (push) Has been cancelled
Web App CI / test (platform) (push) Has been cancelled
Web App CI / test (mattermost-redux) (push) Has been cancelled
Web App CI / test (channels shard 1/4) (push) Has been cancelled
Web App CI / test (channels shard 2/4) (push) Has been cancelled
Web App CI / test (channels shard 3/4) (push) Has been cancelled
Web App CI / test (channels shard 4/4) (push) Has been cancelled
Web App CI / upload-coverage (push) Has been cancelled
Web App CI / build (push) Has been cancelled
Bumps the github-actions-updates group with 11 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `6.0.2` | | [actions/setup-node](https://github.com/actions/setup-node) | `6.2.0` | `6.3.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.0.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.19.2` | `7.0.0` | | [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) | `1.0.54` | `1.0.70` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.32.3` | `4.32.6` | | [actions/setup-go](https://github.com/actions/setup-go) | `6.2.0` | `6.3.0` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `47.0.4` | `47.0.5` | | [getsentry/action-release](https://github.com/getsentry/action-release) | `3.1.1` | `3.5.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.0.0` | | [mikepenz/action-junit-report](https://github.com/mikepenz/action-junit-report) | `6.2.0` | `6.3.1` | Updates `actions/checkout` from 4.2.2 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.2.2...de0fac2e4500dabe0009e67214ff5f5447ce83dd) Updates `actions/setup-node` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](6044e13b5d...53b83947a5) Updates `docker/login-action` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](c94ce9fb46...b45d80f862) Updates `docker/build-push-action` from 6.19.2 to 7.0.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](10e90e3645...d08e5c354a) Updates `anthropics/claude-code-action` from 1.0.54 to 1.0.70 - [Release notes](https://github.com/anthropics/claude-code-action/releases) - [Commits](0cf5eeec4f...26ec041249) Updates `github/codeql-action` from 4.32.3 to 4.32.6 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](9e907b5e64...0d579ffd05) Updates `actions/setup-go` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](7a3fe6cf4c...4b73464bb3) Updates `tj-actions/changed-files` from 47.0.4 to 47.0.5 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](7dee1b0c15...22103cc46b) Updates `getsentry/action-release` from 3.1.1 to 3.5.0 - [Release notes](https://github.com/getsentry/action-release/releases) - [Changelog](https://github.com/getsentry/action-release/blob/master/CHANGELOG.md) - [Commits](00ed2a6cc2...dab6548b3c) Updates `docker/setup-buildx-action` from 3.12.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](8d2750c68a...4d04d5d948) Updates `mikepenz/action-junit-report` from 6.2.0 to 6.3.1 - [Release notes](https://github.com/mikepenz/action-junit-report/releases) - [Commits](74626db735...49b2ca06f6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: actions/setup-node dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: docker/login-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: docker/build-push-action dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: anthropics/claude-code-action dependency-version: 1.0.70 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: github/codeql-action dependency-version: 4.32.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: actions/setup-go dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: tj-actions/changed-files dependency-version: 47.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: getsentry/action-release dependency-version: 3.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: docker/setup-buildx-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: mikepenz/action-junit-report dependency-version: 6.3.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
61 lines
2.4 KiB
YAML
61 lines
2.4 KiB
YAML
name: Scorecards supply-chain security
|
|
on:
|
|
# Only the default branch is supported.
|
|
branch_protection_rule:
|
|
schedule:
|
|
- cron: "44 6 * * *"
|
|
|
|
# Declare default permissions as read only.
|
|
permissions: read-all
|
|
|
|
jobs:
|
|
analysis:
|
|
name: Scorecard analysis
|
|
if: github.repository_owner == 'mattermost'
|
|
runs-on: ubuntu-24.04
|
|
permissions:
|
|
# Needed to upload the results to code-scanning dashboard.
|
|
security-events: write
|
|
# Needed to publish results and get a badge (see publish_results below).
|
|
id-token: write
|
|
|
|
steps:
|
|
- name: "Checkout code"
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: "Run analysis"
|
|
uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
|
|
with:
|
|
results_file: results.sarif
|
|
results_format: sarif
|
|
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
|
|
# - you want to enable the Branch-Protection check on a *public* repository, or
|
|
# - you are installing Scorecard on a *private* repository
|
|
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
|
|
repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
|
|
|
|
# Public repositories:
|
|
# - Publish results to OpenSSF REST API for easy access by consumers
|
|
# - Allows the repository to include the Scorecard badge.
|
|
# - See https://github.com/ossf/scorecard-action#publishing-results.
|
|
# For private repositories:
|
|
# - `publish_results` will always be set to `false`, regardless
|
|
# of the value entered here.
|
|
publish_results: true
|
|
|
|
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
|
|
# format to the repository Actions tab.
|
|
- name: "Upload artifact"
|
|
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
|
|
with:
|
|
name: SARIF file
|
|
path: results.sarif
|
|
retention-days: 5
|
|
|
|
# Upload the results to GitHub's code scanning dashboard.
|
|
- name: "Upload to code-scanning"
|
|
uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
|
|
with:
|
|
sarif_file: results.sarif
|