reduce text

This commit is contained in:
laurentsimon
2021-12-29 22:56:18 +00:00
parent f38127b062
commit 48edda6aca
+3 -21
View File
@@ -29,23 +29,8 @@ jobs:
with:
results_file: results.sarif
results_format: sarif
# For the token,
# 1. Create a PAT token at https://github.com/settings/tokens/new
# with the following read permissions:
# - Note: OSSF Scorecard read-only token
# - Expiration: No expiration
# - Scopes:
# * repo > public_repo
# * admin:org > read:org
# * admin:repo_hook > read:repo_hook
# * write:discussion > read:discussion
#
# Create and copy the token.
#
# 2. Create a new repository secret at https://github.com/<org>/<repo>/settings/secrets/actions/new
# with the following settings:
# - Name: SCORECARD_TOKEN
# - Value: the value of the token created in step 1 above.
# Read-only PAT token. To create it, follow the steps
# in https://github.com/ossf/scorecard-action/main#pat-token-creation
repo_token: ${{ secrets.SCORECARD_TOKEN }}
# The Scorecard team runs a weekly scan of public GitHub repositories in order to track
# the overall security health of the open source ecosystem. The results are publicly
@@ -56,9 +41,7 @@ jobs:
# on a private repo, set it to `publish_results: false` or do not set the value at all.
publish_results: true
# Upload the results as artifacts.
# https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts
# This is optional.
# Upload the results as artifacts (optional).
- name: "Upload artifact"
uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
with:
@@ -67,7 +50,6 @@ jobs:
retention-days: 5
# Upload the results to GitHub's code scanning dashboard.
# This is required to visualize the results on GitHub website.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26
with: