Clean up supply-chain workflow

2026-06-15 00:16:15 +08:00 · 2026-06-01 10:22:33 -07:00 · 2026-06-01 10:22:33 -07:00 · b18919cb38
commit b18919cb38
parent 3046d2ca7e
1 changed files with 6 additions and 25 deletions
--- a/.github/workflows/supply-chain.yml
+++ b/.github/workflows/supply-chain.yml
@ -1,8 +1,4 @@
-# This workflow uses actions that are not certified by GitHub. They are provided
-# by a third-party and are governed by separate terms of service, privacy
-# policy, and support documentation.
-
-name: Scorecard supply-chain security
+name: supply-chain
 on:
  workflow_dispatch:
  # For Branch-Protection check. Only the default branch is supported. See
@ -13,14 +9,13 @@ on:
  schedule:
    - cron: '26 14 * * 5'
  push:
-    branches: [ "master" ]
+    branches: [main]

 # Declare default permissions as read only.
 permissions: read-all

 jobs:
-  analysis:
-    name: Scorecard analysis
+  scorecard:
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload the results to code-scanning dashboard.
@ -29,20 +24,15 @@ jobs:
      id-token: write

    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          persist-credentials: false

-      - name: "Run analysis"
+      - name: Run analysis
        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
        with:
          results_file: results.sarif
          results_format: sarif
-          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
-          # - you want to enable the Branch-Protection check on a *public* repository, or
-          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
-          # repo_token: ${{ secrets.SCORECARD_TOKEN }}

          # Public repositories:
          #   - Publish results to OpenSSF REST API for easy access by consumers
@ -50,17 +40,8 @@ jobs:
          #   - See https://github.com/ossf/scorecard-action#publishing-results.
          publish_results: true

-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
-        with:
-          name: SARIF file
-          path: results.sarif
-          retention-days: 5
-
      # Upload the results to GitHub's code scanning dashboard.
-      - name: "Upload to code-scanning"
+      - name: Upload to code-scanning
        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v3.29.5
        with:
          sarif_file: results.sarif