[llvm] Add Scorecard Action (PR #69933)

Tom Stellard via llvm-commits llvm-commits at lists.llvm.org
Wed Nov 1 12:28:22 PDT 2023


================
@@ -0,0 +1,63 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+# Check current LLVM-Project results here: https://securityscorecards.dev/viewer/?uri=github.com/llvm/llvm-project
+
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '38 20 * * 4'
+  push:
+    branches: [ "main" ]
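Review bot: the `push:` trigger on `branches: [ "main" ]` at the end of the `on:` block starts a Scorecard run for every commit that lands on main, in addition to the weekly `schedule` entry (`38 20 * * 4`) and the `branch_protection_rule` trigger. If that volume is a concern, drop the `push` trigger and, if on-demand runs are still wanted, add `workflow_dispatch:` in its place. The trade-off is that published results can then lag the state of main by up to a week unless a branch protection rule changes or someone starts a run by hand.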
----------------
tstellar wrote:

I just noticed that this runs for every push. I think it's causing us to go over the API limits, so I'm going to drop this part of the patch. What are the downsides of not running it for every push?

https://github.com/llvm/llvm-project/pull/69933

