From 1d062b44a8d3284fe8a7c5b8889dc91b49ae82eb Mon Sep 17 00:00:00 2001
From: hyperpolymath <6759885+hyperpolymath@users.noreply.github.com>
Date: Tue, 26 May 2026 18:36:44 +0100
Subject: [PATCH] chore(ci): replace scorecard.yml with reusable wrapper

Pins to hyperpolymath/standards#205 merge SHA e0caf11508a3989574713c78f5f444f2ce5e33ef. Replaces the canonical scorecard.yml with a thin wrapper. Closes the 5-candidate convergence set (mirror, secret-scanner, codeql, hypatia-scan, scorecard). Part of estate-wide convergence campaign 2026-05-26 (standards#199 / #205).
---
 .github/workflows/scorecard.yml | 35 +++++++++------------------------
 1 file changed, 9 insertions(+), 26 deletions(-)

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index fc5f60c..969ad71 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -1,33 +1,16 @@
 # SPDX-License-Identifier: PMPL-1.0-or-later
-name: OSSF Scorecard
+name: Scorecards supply-chain security
+
 on:
- push:
- branches: [main, master]
+ branch_protection_rule:
 schedule:
- - cron: '0 4 * * *'
- workflow_dispatch:
+ - cron: '23 4 * * 1'
+ push:
+ branches: [main]

-permissions:
- contents: read
+permissions: read-all

 jobs:
 analysis:
- runs-on: ubuntu-latest
- permissions:
- security-events: write
- id-token: write
- steps:
- - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- with:
- persist-credentials: false
-
- - name: Run Scorecard
- uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.3.1
- with:
- results_file: results.sarif
- results_format: sarif
-
- - name: Upload results
- uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v3.31.8
- with:
- sarif_file: results.sarif
+ uses: hyperpolymath/standards/.github/workflows/scorecard-reusable.yml@e0caf11508a3989574713c78f5f444f2ce5e33ef
+ secrets: inherit
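Review bot: The `analysis` job at the end of the hunk passes every repository secret to the called workflow through `secrets: inherit`, although the inline job it replaces consumed none. Unless `scorecard-reusable.yml` (not visible here) declares a secret it needs, drop that line or pass the single named secret explicitly. The job-level `security-events: write` and `id-token: write` that the removed job carried are also gone, while the workflow default widens from `contents: read` to `permissions: read-all`. A called workflow can only narrow the caller's `GITHUB_TOKEN` scopes, never raise them, so if the reusable workflow still uploads SARIF or publishes results it presumably needs those two scopes granted on the calling job, as sketched below. Keeping the wrapper pinned to a full commit SHA is the right choice.

```yaml
  analysis:
    # Scopes granted to the called workflow; it can narrow these but not raise them.
    permissions:
      contents: read
      security-events: write
      id-token: write
    uses: hyperpolymath/standards/.github/workflows/scorecard-reusable.yml@e0caf11508a3989574713c78f5f444f2ce5e33ef
    # `secrets: inherit` removed: the replaced job used no secrets
```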