Merge pull request #72 from hyphae/axmsoftware-patch-4-1

axmsoftware · web-flow · commit 002775264f81 · 2025-12-22T12:05:05.000-08:00
Modify scorecard workflow for SARIF retention and version
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -22,6 +22,8 @@ jobs:
   analysis:
     name: Scorecard analysis
     runs-on: ubuntu-latest
+    # `publish_results: true` only works when run from the default branch. conditional can be removed if disabled.
+    if: github.event.repository.default_branch == github.ref_name || github.event_name == 'pull_request'
     permissions:
       # Needed to upload the results to code-scanning dashboard.
       security-events: write
@@ -57,17 +59,21 @@ jobs:
           #     of the value entered here.
           publish_results: true
 
+          # (Optional) Uncomment file_mode if you have a .gitattributes with files marked export-ignore
+          # file_mode: git
+
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
         uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        with:
           name: SARIF file
           path: results.sarif
-          retention-days: 10
+          retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: results.sarif
