This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-fileupload.git
The following commit(s) were added to refs/heads/master by this push:
new 0101bb1 Bump Scorecards from 1 to 2
0101bb1 is described below
commit 0101bb1a08cf53d0b7daef53276a63eea3e7cdc1
Author: Gary Gregory <garydgreg...@gmail.com>
AuthorDate: Sun Oct 23 15:39:10 2022 -0400
Bump Scorecards from 1 to 2
---
.checkstyle | 8 ++++----
.github/workflows/scorecards-analysis.yml | 10 ++++++----
2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/.checkstyle b/.checkstyle
index dc557a6..e39f75b 100644
--- a/.checkstyle
+++ b/.checkstyle
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<fileset-config file-format-version="1.2.0" simple-config="false"
sync-formatter="false">
- <local-check-config name="maven-checkstyle-plugin validate-main"
location="file:/C:/d3vsrc/git/apache/commons-fileupload/src/checkstyle/fileupload_checks.xml"
type="remote" description="maven-checkstyle-plugin configuration
validate-main">
- <property name="checkstyle.header.file"
value="C:\Users\ggregory\ew-apache-commons\.metadata\.plugins\org.eclipse.core.resources\.projects\commons-fileupload2\com.basistech.m2e.code.quality.checkstyleConfigurator\checkstyle-header-validate-main.txt"/>
+ <local-check-config name="maven-checkstyle-plugin validate-main"
location="file:/Users/garydgregory/git/commons-fileupload/src/checkstyle/fileupload_checks.xml"
type="remote" description="maven-checkstyle-plugin configuration
validate-main">
+ <property name="checkstyle.header.file"
value="/Users/garydgregory/eclipse-workspace/apache-commons/.metadata/.plugins/org.eclipse.core.resources/.projects/commons-fileupload2/com.basistech.m2e.code.quality.checkstyleConfigurator/checkstyle-header-validate-main.txt"/>
<property name="checkstyle.cache.file"
value="${project_loc}/target/checkstyle-cachefile"/>
- <property name="checkstyle.suppressions.file"
value="C:\Users\ggregory\ew-apache-commons\.metadata\.plugins\org.eclipse.core.resources\.projects\commons-fileupload2\com.basistech.m2e.code.quality.checkstyleConfigurator\checkstyle-suppressions-validate-main.xml"/>
+ <property name="checkstyle.suppressions.file"
value="/Users/garydgregory/eclipse-workspace/apache-commons/.metadata/.plugins/org.eclipse.core.resources/.projects/commons-fileupload2/com.basistech.m2e.code.quality.checkstyleConfigurator/checkstyle-suppressions-validate-main.xml"/>
</local-check-config>
<fileset name="java-sources-validate-main" enabled="true"
check-config-name="maven-checkstyle-plugin validate-main" local="true">
- <file-match-pattern match-pattern="^src/main/java/.*\.java"
include-pattern="true"/>
+ <file-match-pattern match-pattern="^src/main/java/.*\/.*\.java"
include-pattern="true"/>
<file-match-pattern match-pattern="^src/main/resources.*\.properties"
include-pattern="true"/>
<file-match-pattern match-pattern="^.*\.properties"
include-pattern="true"/>
<file-match-pattern match-pattern="^src/test/resources.*\.properties"
include-pattern="true"/>
diff --git a/.github/workflows/scorecards-analysis.yml
b/.github/workflows/scorecards-analysis.yml
index 1ee4f55..c8b4c85 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -31,19 +31,21 @@ jobs:
name: "Scorecards analysis"
runs-on: ubuntu-latest
permissions:
- security-events: write # Needed to upload the results to the
code-scanning dashboard.
+ # Needed to upload the results to the code-scanning dashboard.
+ security-events: write
actions: read
- contents: read
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
steps:
- name: "Checkout code"
- uses: actions/checkout@v3.1.0 # 3.0.2
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #
3.1.0
with:
persist-credentials: false
- name: "Run analysis"
- uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d
# 1.1.2
+ uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d
# 2.0.6
with:
results_file: results.sarif
results_format: sarif
