chore: remove Renovate entirely #132
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: OpenSSF Scorecard | |
| # Audit the repo's security posture against the OpenSSF Scorecard checks | |
| # (branch protection, signed releases, pinned dependencies, code review, | |
| # token permissions, etc.). Free for public repos. | |
| # | |
| # Results land in: | |
| # - the Security tab → Code scanning (as SARIF alerts) | |
| # - the OpenSSF Scorecard public dashboard at scorecard.dev | |
| # - the badge that we'll add to the README | |
| # | |
| # Runs weekly + on push to main + on demand. | |
| on: | |
| branch_protection_rule: # re-audits when protection rules change | |
| schedule: | |
| - cron: "0 6 * * 1" # every Monday at 06:00 UTC | |
| push: | |
| branches: [main] | |
| workflow_dispatch: | |
| permissions: read-all | |
| jobs: | |
| analysis: | |
| name: Scorecard analysis | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # required for uploading SARIF results | |
| security-events: write | |
| # required to read the actions metadata | |
| id-token: write | |
| contents: read | |
| actions: read | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| with: | |
| persist-credentials: false | |
| - name: Run analysis | |
| uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 | |
| with: | |
| results_file: results.sarif | |
| results_format: sarif | |
| publish_results: true # opt-in: publishes the score to the public scorecard.dev dashboard | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: SARIF file | |
| path: results.sarif | |
| retention-days: 5 | |
| - name: Upload to code-scanning dashboard | |
| uses: github/codeql-action/upload-sarif@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a # v3.35.2 | |
| with: | |
| sarif_file: results.sarif |