Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CodeQL and harden workflows #538

Merged
merged 6 commits into from
Apr 15, 2023
Merged

Add CodeQL and harden workflows #538

merged 6 commits into from
Apr 15, 2023
+106 −19

Conversation

martincostello
Copy link
Member

Changes to improve the OSSF Scorecard score for #534.

  • Add GitHub Actions workflow to run CodeQL analysis.
  • Add a security policy.
  • Pin actions versions by their SHA.
  • Add explicit GitHub workflow permissions.
  • Add NuGet package caching.

@martincostello
Add CodeQL analysis

Verified

This commit was signed with the committer’s verified signature. The key has expired.
thoughtpolice Austin Seipp
GPG key ID: 25D2038DEB08021D
Expired
Verified
Learn about vigilant mode
23102f7 
Add GitHub Actions workflow to run CodeQL analysis.
@martincostello
Add security policy
9529a03 
Add a security policy.
@martincostello
Pin actions versions
240fa2f 
Pin actions versions by their SHA.
@martincostello
Add explicit workflow permissions
1b3349d 
Add explicit GitHub workflow permissions.
@martincostello
Add NuGet package caching
149c2a2 
Add NuGet package caching.
@martincostello
Refactor workflow
51f9675 
- Use `GITHUB_REF_NAME`.
- Change some sorting.
@martincostello martincostello added enhancement A change that enhances existing functionality or documentation. documentation Documentation for the use of the library. github_actions Pull requests that update GitHub Actions code labels Apr 15, 2023
@martincostello martincostello requested a review from a team as a code owner April 15, 2023 12:32
@martincostello martincostello enabled auto-merge (rebase) April 15, 2023 12:34
@codecov-commenter
Copy link

codecov-commenter commented Apr 15, 2023
edited
Loading

Codecov Report

Merging #538 (51f9675) into main (a6cd898) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #538   +/-   ##
=======================================
  Coverage   97.39%   97.39%           
=======================================
  Files          15       15           
  Lines         846      846           
=======================================
  Hits          824      824           
  Misses         22       22
Flag Coverage Δ
linux 97.39% <ø> (ø)
macos 97.39% <ø> (ø)
windows ?

Flags with carried forward coverage won't be shown. Click here to find out more.

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@martincostello martincostello merged commit fc2a80a into justeattakeaway:main Apr 15, 2023
@martincostello martincostello deleted the add-codeql branch April 15, 2023 12:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
documentation Documentation for the use of the library. enhancement A change that enhances existing functionality or documentation. github_actions Pull requests that update GitHub Actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@martincostello @codecov-commenter