From 8e63873e51b0a6b1f90f1bd13182fba3817acd80 Mon Sep 17 00:00:00 2001 From: Michael Mortensen Date: Fri, 15 Nov 2024 20:41:53 +0100 Subject: [PATCH 1/7] :construction_worker: support for OpenSSF Scorecard --- .github/workflows/pipelines.yml | 16 +++++++++---- .github/workflows/scorecard.yml | 42 +++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/scorecard.yml diff --git a/.github/workflows/pipelines.yml b/.github/workflows/pipelines.yml index 5a0813a..c267927 100644 --- a/.github/workflows/pipelines.yml +++ b/.github/workflows/pipelines.yml @@ -2,11 +2,17 @@ name: Unitify CI/CD Pipeline on: pull_request: paths-ignore: - - .codecov - - .docfx - - .github - - .nuget - - '**.md' + - .codecov/** + - .docfx/** + - .github/** + - .nuget/** + - '**/*.md' + push: + paths-ignore: + - .codecov/** + - .docfx/** + - .nuget/** + - '**/*.md' workflow_dispatch: inputs: configuration: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml new file mode 100644 index 0000000..aabea97 --- /dev/null +++ b/.github/workflows/scorecard.yml @@ -0,0 +1,42 @@ +name: Scorecard supply-chain security +on: + branch_protection_rule: + schedule: + - cron: '45 17 * * 2' + push: + branches: [ "main" ] + +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + security-events: write + id-token: write + + steps: + - name: "Checkout code" + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@v2.4.0 + with: + results_file: results.sarif + results_format: sarif + publish_results: true + + - name: "Upload artifact" + uses: actions/upload-artifact@v4 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results.sarif 
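Review bot: The new `push:` trigger has no `branches` filter, so the pipeline now runs on every push to every branch and tag, and a pull request opened from a branch in this repository runs twice (once for `push`, once for `pull_request`); if only the default branch is meant, add `branches: [main]` under `push:`. Separately, `.github/**` stays in the `pull_request` `paths-ignore` list but is absent from the new `push` list, so a PR that only edits a workflow file gets no CI run until it is merged — the one kind of change most worth validating before merge — and if this workflow is a required status check such a PR can never satisfy it. The `workflow_dispatch` inputs continue past the hunk.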
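Review bot: Every `uses:` in the new workflow references a mutable tag (`actions/checkout@v4`, `ossf/scorecard-action@v2.4.0`, `actions/upload-artifact@v4`, `github/codeql-action/upload-sarif@v3`), so a moved tag or a compromised action release would run unreviewed code in a job that holds `id-token: write` and `security-events: write`. Pin each to the full commit SHA of the tag and keep the version in a trailing comment, e.g. `uses: ossf/scorecard-action@<full-commit-sha> # v2.4.0`; this is also what Scorecard's own Pinned-Dependencies check looks for, so as written this workflow lowers the score it publishes. The rest of the setup (`persist-credentials: false`, read-only top-level permissions with write scopes only on the job, `publish_results: true` paired with `id-token: write`) matches the OpenSSF reference workflow. As far as the action documents, publishing results is only supported for public repositories, so `publish_results` should be `false` if this repository is private.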
From 17b194e0a5d58f04b2bf45659716c8dc8b65c99d Mon Sep 17 00:00:00 2001 From: Michael Mortensen Date: Fri, 15 Nov 2024 20:42:02 +0100 Subject: [PATCH 2/7] :speech_balloon: updated community health pages --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 95d7efd..5b2e9f1 100644 --- a/README.md +++ b/README.md 
@@ -2,7 +2,7 @@ # Unitify API by Codebelt -[![Unitify CI/CD Pipeline](https://github.com/codebeltnet/unitify/actions/workflows/pipelines.yml/badge.svg)](https://github.com/codebeltnet/unitify/actions/workflows/pipelines.yml) [![codecov](https://codecov.io/gh/codebeltnet/unitify/graph/badge.svg?token=WAmfmpQyCz)](https://codecov.io/gh/codebeltnet/unitify) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=unitify&metric=alert_status)](https://sonarcloud.io/dashboard?id=unitify) [![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=unitify&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=unitify) [![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=unitify&metric=reliability_rating)](https://sonarcloud.io/dashboard?id=unitify) [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=unitify&metric=security_rating)](https://sonarcloud.io/dashboard?id=unitify) +[![Unitify CI/CD Pipeline](https://github.com/codebeltnet/unitify/actions/workflows/pipelines.yml/badge.svg)](https://github.com/codebeltnet/unitify/actions/workflows/pipelines.yml) [![codecov](https://codecov.io/gh/codebeltnet/unitify/graph/badge.svg?token=WAmfmpQyCz)](https://codecov.io/gh/codebeltnet/unitify) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=unitify&metric=alert_status)](https://sonarcloud.io/dashboard?id=unitify) [![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=unitify&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=unitify) [![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=unitify&metric=reliability_rating)](https://sonarcloud.io/dashboard?id=unitify) [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=unitify&metric=security_rating)](https://sonarcloud.io/dashboard?id=unitify) [![OpenSSF 
Scorecard](https://api.scorecard.dev/projects/github.com/codebeltnet/unitify/badge)](https://scorecard.dev/viewer/?uri=github.com/codebeltnet/unitify) An open-source project (MIT license) that offers types that simplify unit management with comprehensive metric and binary support for prefixes, multiples, and submultiples. From 7c48ce125153b2fc3c13027e143adc39ed40d54a Mon Sep 17 00:00:00 2001 From: Michael Mortensen Date: Fri, 15 Nov 2024 20:57:42 +0100 Subject: [PATCH 3/7] fix --- .github/workflows/pipelines.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/pipelines.yml b/.github/workflows/pipelines.yml index c267927..4dac97f 100644 --- a/.github/workflows/pipelines.yml +++ b/.github/workflows/pipelines.yml @@ -1,18 +1,13 @@ name: Unitify CI/CD Pipeline on: pull_request: + branches-ignore: [main] paths-ignore: - .codecov/** - .docfx/** - .github/** - .nuget/** - '**/*.md' - push: - paths-ignore: - - .codecov/** - - .docfx/** - - .nuget/** - - '**/*.md' workflow_dispatch: inputs: configuration: From 03e9b3de7313496c2877de5ec005074277d2d9b6 Mon Sep 17 00:00:00 2001 From: Michael Mortensen Date: Fri, 15 Nov 2024 20:58:58 +0100 Subject: [PATCH 4/7] fix --- .github/workflows/pipelines.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/pipelines.yml b/.github/workflows/pipelines.yml index 4dac97f..e6b7dad 100644 --- a/.github/workflows/pipelines.yml +++ b/.github/workflows/pipelines.yml @@ -5,7 +5,6 @@ on: paths-ignore: - .codecov/** - .docfx/** - - .github/** - .nuget/** - '**/*.md' workflow_dispatch: From 82942ae7febf6d831e367bac05c981735948dd27 Mon Sep 17 00:00:00 2001 From: Michael Mortensen Date: Fri, 15 Nov 2024 21:00:43 +0100 Subject: [PATCH 5/7] fix --- .github/workflows/pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pipelines.yml b/.github/workflows/pipelines.yml index e6b7dad..e5207a7 100644 --- a/.github/workflows/pipelines.yml 
+++ b/.github/workflows/pipelines.yml @@ -1,7 +1,7 @@ name: Unitify CI/CD Pipeline on: pull_request: - branches-ignore: [main] + branches: [main] paths-ignore: - .codecov/** - .docfx/** From 15ede82bd1c25d9c22d946cf3e11657429414d13 Mon Sep 17 00:00:00 2001 From: Michael Mortensen Date: Fri, 15 Nov 2024 21:01:49 +0100 Subject: [PATCH 6/7] fix --- .github/workflows/pipelines.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/pipelines.yml b/.github/workflows/pipelines.yml index e5207a7..6560afa 100644 --- a/.github/workflows/pipelines.yml +++ b/.github/workflows/pipelines.yml @@ -5,6 +5,7 @@ on: paths-ignore: - .codecov/** - .docfx/** + - .github/** - .nuget/** - '**/*.md' workflow_dispatch: From b10f01ef34f5dc3aa3cb4c9655da35dd6e201e09 Mon Sep 17 00:00:00 2001 From: Michael Mortensen Date: Fri, 15 Nov 2024 21:02:11 +0100 Subject: [PATCH 7/7] fix --- .github/workflows/pipelines.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/pipelines.yml b/.github/workflows/pipelines.yml index 6560afa..e5207a7 100644 --- a/.github/workflows/pipelines.yml +++ b/.github/workflows/pipelines.yml @@ -5,7 +5,6 @@ on: paths-ignore: - .codecov/** - .docfx/** - - .github/** - .nuget/** - '**/*.md' workflow_dispatch:
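Review bot: With `branches: [main]` the pipeline now runs only for pull requests whose base branch is `main`, and because the `push:` trigger was dropped earlier in this series nothing runs on a direct push to `main` either; if branch protection requires a PR for `main` that is fine, otherwise a direct push lands without a build. If release or maintenance branches are used as PR targets they need to be listed too, e.g. `branches: [main, 'release/**']`. The `on:` block continues past the hunk, so the remaining `paths-ignore` entries and `workflow_dispatch` are not visible here.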