Skip Windows pip cache in CI #161
# OpenSSF Scorecard: supply-chain security posture checks for this repository.
#
# Triggers: a weekly schedule, every push to the default branch, and
# branch-protection-rule events. Results land in the Security tab and
# (optionally) the OpenSSF dashboard. The badge in README.md is updated on
# each successful run.
name: Scorecard

on:
  branch_protection_rule:
  schedule:
    - cron: "29 7 * * 2"  # Tuesday 07:29 UTC
  push:
    branches:
      - main

# Workflow-wide default: the GITHUB_TOKEN is read-only. Write scopes are
# granted only inside the job that needs them.
permissions: read-all

jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    # A job-level permissions block replaces the workflow default, so the
    # read scopes this job relies on are listed explicitly next to the writes.
    permissions:
      security-events: write  # to upload SARIF to the Security tab
      id-token: write  # to publish results to OpenSSF
      contents: read
      actions: read
    # NOTE(review): every `uses:` below references a mutable tag. Scorecard's
    # own Pinned-Dependencies check flags tag references; pinning each action
    # to a full commit SHA (for example
    # `actions/checkout@<full-commit-sha>  # v6`) keeps a moved tag from
    # changing what runs in a job that holds id-token and security-events
    # write scopes.
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          # Do not leave the token in the checkout's git config for later steps.
          persist-credentials: false

      - name: Run Scorecard
        uses: ossf/scorecard-action@v2.4.3
        with:
          results_file: results.sarif
          results_format: sarif
          # Publishes the results to OpenSSF; relies on the id-token scope above.
          # NOTE(review): scorecard-action documents restrictions on workflows
          # that publish results. Check them before adding steps or write
          # scopes to this job.
          publish_results: true

      # Keeps the raw SARIF as a downloadable workflow artifact for 30 days.
      - name: Upload SARIF
        uses: actions/upload-artifact@v7
        with:
          name: scorecard-results
          path: results.sarif
          retention-days: 30

      # Sends the same SARIF to code scanning (needs security-events: write).
      - name: Upload to code-scanning
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: results.sarif