Skip to content

Update ossf/scorecard-action action to v2.4.3 #21174

Update ossf/scorecard-action action to v2.4.3

Update ossf/scorecard-action action to v2.4.3 #21174

Workflow file for this run

name: "CodeQL"
on:
push:
branches:
- main
- release-*
pull_request:
# The branches below must be a subset of the branches above
branches:
- main
merge_group:
schedule:
- cron: "36 6 * * 4" # run every Thursday at 06:36 UTC
concurrency:
group: ${{ github.ref_name }}-codeql
cancel-in-progress: true
permissions:
contents: read
jobs:
checks:
name: Checks and variables
runs-on: ubuntu-24.04
outputs:
docs_only: ${{ github.event.pull_request && steps.docs.outputs.docs_only == 'true' }}
steps:
- name: Checkout Repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
- name: Filter only docs changes
id: docs
run: |
files=$(git diff --name-only HEAD^ | egrep -v "^examples/" | egrep -v "^README.md")
if [ -z "$files" ]; then
echo "docs_only=true" >> $GITHUB_OUTPUT
else
echo "docs_only=false" >> $GITHUB_OUTPUT
fi
echo $files
cat $GITHUB_OUTPUT
shell: bash --noprofile --norc -o pipefail {0}
analyze:
if: ${{ needs.checks.outputs.docs_only != 'true' }}
needs: [checks]
name: Analyze
permissions:
actions: read # for github/codeql-action/init to get workflow details
contents: read # for actions/checkout to fetch code
packages: read
security-events: write # for github/codeql-action/autobuild to send a status report
uses: nginxinc/compliance-rules/.github/workflows/codeql.yml@a27656f8f9a8748085b434ebe007f5b572709aad # v0.2
with:
requested_languages: go,python