From 84d89af2286555ef7a336494229e355b17a805b1 Mon Sep 17 00:00:00 2001
From: godofredoc
Date: Fri, 2 Sep 2022 11:23:41 -0700
Subject: [PATCH] Run scorecards only on pushes to main. (#2546)
* Run scorecards only on pushes to main. This is to prevent the workflow from failing when running in branches with no previous data to compare. It also adds the scorecard badge to the README file.
* Add timeout and run_if to ci_yaml_roller.
---
 .ci.yaml | 3 +++
 .github/workflows/scorecards-analysis.yml | 5 ++---
 README.md | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/.ci.yaml b/.ci.yaml
index 5e74fbb8c4..3028604755 100644
--- a/.ci.yaml
+++ b/.ci.yaml
@@ -76,3 +76,6 @@ targets:
 - name: Linux ci_yaml packages roller
 recipe: infra/ci_yaml
+ timeout: 30
+ runIf:
+ - .ci.yaml
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index 3637c9c644..8554d90d35 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -1,9 +1,8 @@
 name: Scorecards supply-chain security
 on:
- # Only the default branch is supported.
- branch_protection_rule:
 push:
- branches: [ main ]
+ branches:
+ - main
 # Declare default permissions as read only.
 permissions: read-all
diff --git a/README.md b/README.md
index 870856caec..e54aaa55c5 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 [![Build Status](https://api.cirrus-ci.com/github/flutter/packages.svg)](https://cirrus-ci.com/github/flutter/packages/main) [![Release Status](https://github.com/flutter/packages/actions/workflows/release.yml/badge.svg)](https://github.com/flutter/packages/actions/workflows/release.yml)
-
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/flutter/packages/badge)]
 This repo is a companion repo to the main [flutter repo]( https://github.com/flutter/flutter). It contains the source code for Flutter's first-party packages (i.e., packages developed by the core Flutter team).
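Review bot: The new `timeout: 30` and `runIf:` keys on the `Linux ci_yaml packages roller` target have no comment, so the file does not say what unit the timeout is in or why the target is restricted to changes in `.ci.yaml`. I would add a line above `runIf:` such as `# The roller only needs to run when the CI config itself changes.` and note the unit next to `timeout` (presumably minutes; confirm against the CI schema). The target's entry starts before this hunk, so any existing explanation further up is not visible here.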
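Review bot: Removing `branch_protection_rule:` from `on:` is the only functional change in this hunk, because `push` was already limited to `main` on the old side. With it gone, the analysis no longer re-runs when branch-protection settings are edited, so the Branch-Protection result presumably refreshes only on the next push to `main`. No `schedule` trigger appears in the visible lines, though the rest of the workflow is outside the hunk. If the event was dropped because it caused the failures mentioned in the description, record that in a comment above `push:`; otherwise consider keeping it. The deleted `# Only the default branch is supported.` comment explained why `branches` is pinned to `main`, and I would keep it.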