This repository has been archived on 2023-08-16. You can view files and clone it, but cannot push or open issues or pull requests.
footnotes/.github/workflows/ossar-analysis.yml

46 lines
1.5 KiB
YAML
Raw Normal View History

2021-04-04 20:12:18 +00:00
# This workflow integrates a collection of open source static analysis tools
# with GitHub code scanning. For documentation, or to provide feedback, visit
# https://github.com/github/ossar-action
name: OSSAR
on:
push:
branches: [ main ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ main ]
schedule:
- cron: '39 23 * * 4'
jobs:
OSSAR-Scan:
# OSSAR runs on windows-latest.
# ubuntu-latest and macos-latest support coming soon
ci: improve linting, GitHub Actions workflows (#149) * release: release 2.7.2 * fix: urgent 2.7.3 release to fix fatal error * chore: remove un-needed setup script * ci: remove steps from pre-push command * chore: remove un-needed PHP-Commitizen config * chore: put image files in correct folders * chore: move GitHub image into `.github/` dir * fix: classic editor button * fix: call correct jQuery Tools file in dev env * docs: replace license with Markdown version * ci: clean up PHP linting commands If anyone has noticed me playing musical filepaths with these commands for a while, it's because I kept getting inconsistent results from the use of double-globs (i.e., `**`). However, I've finally figured out that this is because Composer is running these scripts in its own shell, so the double-glob that works when I run the command manually in my Terminal doesn't work when Composer runs it in its. * chore: lint PHP files * build: update JS linting standards * chore: lint JS file * build: add node-sass * build: add additional stylelint rules * chore: lint stylesheets with new rulesets * refactor: move ESLint settings to `package.json` * chore: move Prettier config to `package.json` It is not yet possible to move `.prettierignore` to `package.json` too, but this appears to be on the horizon; see [this Issue][prettier-issue]. [prettier-issue]: https://github.com/prettier/prettier/issues/3460 * fix: move WPML config into Plugin folder * chore: move Stylelint config into `package.json` * chore: remove unused `.distignore` It can always be re-added at a later date if it becomes useful. * chore: format file * build: add HTML linting * fix: add image alt tag * ci: clean up GitHub Actions workflows * fix: fix workflow * fix: fix indentation * ci: add YAML validation * chore: make valid * ci: add YAML validation * chore: lint code * ci: change dep install back to original * chore: lint license
2021-04-26 16:17:44 +00:00
name: Scan code with OSSAR
2021-04-04 20:12:18 +00:00
runs-on: windows-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
# Ensure a compatible version of dotnet is installed.
# The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
# A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action.
# GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped.
# For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action:
# - name: Install .NET
# uses: actions/setup-dotnet@v1
# with:
# dotnet-version: '3.1.x'
# Run open source static analysis tools
- name: Run OSSAR
uses: github/ossar-action@v1
id: ossar
# Upload results to the Security tab
- name: Upload OSSAR results
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: ${{ steps.ossar.outputs.sarifFile }}