Skip to content

chore: remove Renovate entirely #132

chore: remove Renovate entirely

chore: remove Renovate entirely #132

Workflow file for this run

name: OpenSSF Scorecard
# Audit the repo's security posture against the OpenSSF Scorecard checks
# (branch protection, signed releases, pinned dependencies, code review,
# token permissions, etc.). Free for public repos.
#
# Results land in:
# - the Security tab → Code scanning (as SARIF alerts)
# - the OpenSSF Scorecard public dashboard at scorecard.dev
# - the badge that we'll add to the README
#
# Runs weekly + on push to main + on demand.
on:
branch_protection_rule: # re-audits when protection rules change
schedule:
- cron: "0 6 * * 1" # every Monday at 06:00 UTC
push:
branches: [main]
workflow_dispatch:
permissions: read-all
jobs:
analysis:
name: Scorecard analysis
runs-on: ubuntu-latest
permissions:
# required for uploading SARIF results
security-events: write
# required to read the actions metadata
id-token: write
contents: read
actions: read
steps:
- name: Checkout repo
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
persist-credentials: false
- name: Run analysis
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
with:
results_file: results.sarif
results_format: sarif
publish_results: true # opt-in: publishes the score to the public scorecard.dev dashboard
- name: Upload artifact
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: SARIF file
path: results.sarif
retention-days: 5
- name: Upload to code-scanning dashboard
uses: github/codeql-action/upload-sarif@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a # v3.35.2
with:
sarif_file: results.sarif