Merge pull request #67 from alex-semenyuk/add_bot

EnriqueL8 · web-flow · commit c45ab35647bf · 2025-02-20T10:56:18.000Z
Add OpenSSF Scorecard badge and fix CodeQL workflow
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -1,48 +1,40 @@
 name: "CodeQL"
 
 on:
-  push:
-    branches: [main]
   pull_request:
-    branches: [main]
-  schedule:
-    - cron: '0 11 * * 1'
+    branches:
+      - main
+  push:
+    branches:
+      - main
+  workflow_dispatch:
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-22.04
-
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
     strategy:
       fail-fast: false
       matrix:
-        language: ['go']
-
+        language:
+          - go
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4.1.7
-      with:
-        # We must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head.
-        fetch-depth: 2
-
-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
diff --git a/README.md b/README.md
@@ -4,6 +4,7 @@
 [![Hits-of-Code](https://hitsofcode.com/github/hyperledger/firefly-tezosconnect?branch=main)](https://hitsofcode.com/view/github/hyperledger/firefly-tezosconnect?branch=main)
 [![Go Reference](https://pkg.go.dev/badge/github.com/hyperledger/firefly-tezosconnect.svg)](https://pkg.go.dev/github.com/hyperledger/firefly-tezosconnect)
 [![License](https://img.shields.io/badge/apache-2.0-blue.svg)](https://github.com/hyperledger/firefly-tezosconnect/blob/main/LICENSE)
+[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/hyperledger/firefly-tezosconnect/badge)](https://scorecard.dev/viewer/?uri=github.com/hyperledger/firefly-tezosconnect)
 
 # Hyperledger FireFly Tezos Connector
 
