chore(ci): restrict scorecards to codecov/codecov-action (#1512)

Tom Hu
2024-07-16 16:44:50 +02:00
committed by GitHub
parent 9e145151be
commit 992fc4eb1f
3 changed files with 8 additions and 7 deletions


@@ -12,6 +12,7 @@ permissions: read-all
jobs: jobs:
analysis: analysis:
if: github.repository == 'codecov/codecov-action'
name: Scorecards analysis name: Scorecards analysis
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
@@ -21,7 +22,7 @@ jobs:
id-token: write id-token: write
actions: read actions: read
contents: read contents: read
steps: steps:
- name: "Checkout code" - name: "Checkout code"
uses: actions/checkout@v4.1.7 # v3.0.0 uses: actions/checkout@v4.1.7 # v3.0.0
@@ -40,8 +41,8 @@ jobs:
# repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
# Publish the results for public repositories to enable scorecard badges. For more details, see # Publish the results for public repositories to enable scorecard badges. For more details, see
# https://github.com/ossf/scorecard-action#publishing-results. # https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories, `publish_results` will automatically be set to `false`, regardless # For private repositories, `publish_results` will automatically be set to `false`, regardless
# of the value entered here. # of the value entered here.
publish_results: true publish_results: true
@@ -53,7 +54,7 @@ jobs:
name: SARIF file name: SARIF file
path: results.sarif path: results.sarif
retention-days: 5 retention-days: 5
# Upload the results to GitHub's code scanning dashboard. # Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning" - name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@v3.25.12 # v1.0.26 uses: github/codeql-action/upload-sarif@v3.25.12 # v1.0.26
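Review bot: The new job-level guard `if: github.repository == 'codecov/codecov-action'` in the first hunk has no comment saying why the job is limited to one repository; a line such as `# Only run in the upstream repository, not in forks.` above it would keep the condition from being dropped as noise later. Because the repository name is hard-coded, a rename or transfer would make the job skip without any failure, which is worth stating in the same comment. Separately, the `uses:` lines kept in the second and fourth hunks carry version comments that disagree with the ref (`actions/checkout@v4.1.7 # v3.0.0`, `github/codeql-action/upload-sarif@v3.25.12 # v1.0.26`), which reads as though they were once commit-SHA pins. Since this job is granted `id-token: write`, a full commit SHA with a matching comment would be the safer form, for example `uses: actions/checkout@<full-commit-sha> # v4.1.7`.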

4
dist/index.js vendored Executable file → Normal file

@@ -32351,12 +32351,12 @@ const isPullRequestFromFork = () => {
return (baseLabel.split(':')[0] !== headLabel.split(':')[0]); return (baseLabel.split(':')[0] !== headLabel.split(':')[0]);
}; };
const getToken = () => buildExec_awaiter(void 0, void 0, void 0, function* () { const getToken = () => buildExec_awaiter(void 0, void 0, void 0, function* () {
if (isPullRequestFromFork()) { let token = core.getInput('token');
if (!token && isPullRequestFromFork()) {
core.info('==> Fork detected, tokenless uploading used'); core.info('==> Fork detected, tokenless uploading used');
process.env['TOKENLESS'] = context.payload.pull_request.head.label; process.env['TOKENLESS'] = context.payload.pull_request.head.label;
return Promise.resolve(''); return Promise.resolve('');
} }
let token = core.getInput('token');
let url = core.getInput('url'); let url = core.getInput('url');
const useOIDC = isTrue(core.getInput('use_oidc')); const useOIDC = isTrue(core.getInput('use_oidc'));
if (useOIDC) { if (useOIDC) {

2
dist/index.js.map vendored

File diff suppressed because one or more lines are too long