ci: fix security workflows

mnrendra · mnrendra · commit bc17b70df2c9 · 2025-04-30T13:26:28.000+07:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -55,6 +55,33 @@ jobs:
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
 
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Analyze CodeQL
+        uses: github/codeql-action/analyze@v3
+
+      - name: Analyze OSSF Scorecard
+        uses: ossf/scorecard-action@v2.4.1
+        with:
+          results_file: ossf_scorecard.sarif
+          results_format: sarif
+          repo_token: ${{ secrets.TOKEN }}
+          publish_results: true
+
+      - name: Upload to GitHub Actions Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: OSSF Scorecard
+          path: ossf_scorecard.sarif
+
+      - name: Upload to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: ossf_scorecard.sarif
+
       - name: Release and Publish to NPM
         env:
           GIT_AUTHOR_NAME: ${{ vars.GIT_AUTHOR_NAME }}
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -42,7 +42,7 @@ jobs:
         uses: github/codeql-action/analyze@v3
 
       - name: Analyze OSSF Scorecard
-        uses: ossf/scorecard-action@v2
+        uses: ossf/scorecard-action@v2.4.1
         with:
           results_file: ossf_scorecard.sarif
           results_format: sarif
