Skip to content

Commit d062f4d

Browse files
Merge pull request #40 from IntelPython/fix-readme-add-openssf-scorecard-workflow
Fix readme add openssf scorecard workflow
2 parents 36aeedf + d916e35 commit d062f4d

File tree

2 files changed

+77
-2
lines changed

2 files changed

+77
-2
lines changed
Lines changed: 74 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,74 @@
1+
# This workflow uses actions that are not certified by GitHub. They are provided
2+
# by a third-party and are governed by separate terms of service, privacy
3+
# policy, and support documentation.
4+
5+
name: Scorecard supply-chain security
6+
on:
7+
# For Branch-Protection check. Only the default branch is supported. See
8+
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
9+
branch_protection_rule:
10+
# To guarantee Maintained check is occasionally updated. See
11+
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
12+
schedule:
13+
- cron: '28 2 * * 1'
14+
- cron: '28 2 * * 4'
15+
push:
16+
branches: [ "master" ]
17+
18+
# Declare default permissions as read only.
19+
permissions: read-all
20+
21+
jobs:
22+
analysis:
23+
name: Scorecard analysis
24+
runs-on: ubuntu-latest
25+
timeout-minutes: 30
26+
permissions:
27+
# Needed to upload the results to code-scanning dashboard.
28+
security-events: write
29+
# Needed to publish results and get a badge (see publish_results below).
30+
id-token: write
31+
# Uncomment the permissions below if installing in a private repository.
32+
# contents: read
33+
# actions: read
34+
35+
steps:
36+
- name: "Checkout code"
37+
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
38+
with:
39+
persist-credentials: false
40+
41+
- name: "Run analysis"
42+
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
43+
with:
44+
results_file: results.sarif
45+
results_format: sarif
46+
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
47+
# - you want to enable the Branch-Protection check on a *public* repository, or
48+
# - you are installing Scorecard on a *private* repository
49+
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
50+
# repo_token: ${{ secrets.SCORECARD_TOKEN }}
51+
52+
# Public repositories:
53+
# - Publish results to OpenSSF REST API for easy access by consumers
54+
# - Allows the repository to include the Scorecard badge.
55+
# - See https://github.com/ossf/scorecard-action#publishing-results.
56+
# For private repositories:
57+
# - `publish_results` will always be set to `false`, regardless
58+
# of the value entered here.
59+
publish_results: true
60+
61+
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
62+
# format to the repository Actions tab.
63+
- name: "Upload artifact"
64+
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
65+
with:
66+
name: SARIF file
67+
path: results.sarif
68+
retention-days: 14
69+
70+
# Upload the results to GitHub's code scanning dashboard.
71+
- name: "Upload to code-scanning"
72+
uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
73+
with:
74+
sarif_file: results.sarif

README.md

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,8 @@
11
# ``mkl-service`` - Python package for run-time control of Intel(R) Math Kernel Library.
2-
[![Build Status](https://travis-ci.com/IntelPython/mkl-service.svg?branch=master)](https://travis-ci.com/IntelPython/mkl-service)
2+
[![Conda package](https://github.com/IntelPython/mkl-service/actions/workflows/conda-package.yml/badge.svg)](https://github.com/IntelPython/mkl-service/actions/workflows/conda-package.yml)
3+
[![Build mkl-service with clang](https://github.com/IntelPython/mkl-service/actions/workflows/build-with-clang.yml/badge.svg)](https://github.com/IntelPython/mkl-service/actions/workflows/build-with-clang.yml)
4+
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/IntelPython/mkl-service/badge)](https://securityscorecards.dev/viewer/?uri=github.com/IntelPython/mkl-service)
35

4-
See the [blog](https://www.intel.com/content/www/us/en/developer/tools/oneapi/onemkl.html) announcing the release.
56

67
---
78

0 commit comments

Comments
 (0)