1+ name : " OpenSSF Scoring"
2+ on :
3+ schedule :
4+ # Run on the first day of every month
5+ - cron : " 0 0 1 * *"
6+ # Manual trigger
7+ workflow_dispatch :
8+
9+ # Permissions required to run this workflow (create issue and commit/push changes)
10+ permissions :
11+ contents : write
12+ pull-requests : write
13+ issues : write
14+ packages : none
15+
16+ jobs :
17+ security-scoring :
18+ runs-on : ubuntu-latest
19+ steps :
20+ - name : Harden Runner
21+ uses : step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
22+ with :
23+ egress-policy : audit # TODO: change to 'egress-policy: block' after couple of runs
24+
25+ - uses : actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v3.3.0
26+ - name : OpenSSF Scorecard Monitor
27+ uses : ossf/scorecard-monitor@a3a9c4cfa0684480ec5f86fa178fc22c4394b69e # v2.0.0-beta8
28+ with :
29+ scope : tools/ossf_scorecard/scope.json
30+ database : tools/ossf_scorecard/database.json
31+ report : tools/ossf_scorecard/report.md
32+ auto-commit : false
33+ auto-push : false
34+ generate-issue : true
35+ report-tags-enabled : true
36+ issue-title : " OpenSSF Scorecard Report Updated!"
37+ github-token : ${{ secrets.GITHUB_TOKEN }}
38+ max-request-in-parallel : 10
39+ discovery-enabled : true
40+ discovery-orgs : ' yeoman'
41+ - name : Create Pull Request
42+ uses : gr2m/create-or-update-pull-request-action@77596e3166f328b24613f7082ab30bf2d93079d5
43+ env :
44+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
45+ with :
46+ commit-message : ' docs: OpenSSF Scorecard Report Updated'
47+ title : OpenSSF Scorecard Report Updated
48+ body : ' OpenSSF Scorecard Report Updated. cc: @ulisesGascon'
49+ assignees : ${{ github.actor }}
50+ labels : security
51+ branch : openssf-scorecard-report-updated
52+ update-pull-request-title-and-body : true
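Review bot: The `gr2m/create-or-update-pull-request-action@77596e31…` pin on line 42 carries no trailing version comment, unlike the other three SHA-pinned steps, so a reader cannot tell which release the hash represents and automated bump tooling has nothing to track; append one, e.g. `uses: gr2m/create-or-update-pull-request-action@77596e3166f328b24613f7082ab30bf2d93079d5 # <release tag for this SHA>`. The `# v3.3.0` comment on the `actions/checkout@9bb56186…` pin on line 25 also looks inconsistent with that hash (it appears to belong to a later v4.x release); verify the tag against the upstream repository and correct the comment so the pin is auditable. The quoted scalars `" OpenSSF Scoring"`, `" OpenSSF Scorecard Report Updated!"` and `' yeoman'` show a leading space inside the quotes; if that is real rather than a rendering artifact, `discovery-orgs` in particular should be `'yeoman'`, since a leading space becomes part of the org name passed to the action. Consider also resolving the `egress-policy: audit` TODO on line 23 once the required hosts are known, since `audit` only logs outbound traffic for a job that holds `contents: write` and `pull-requests: write`.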