Google Git
Sign in
apache / logging-log4j2 / 03aa740e0030fdd90e8bb78ed75a8c36a9a86553^! / .
commit03aa740e0030fdd90e8bb78ed75a8c36a9a86553[log] [tgz]
authorVolkan Yazıcı <volkan@yazi.ci>Mon Apr 22 21:09:19 2024 +0200
committerVolkan Yazıcı <volkan@yazi.ci>Mon Apr 22 21:09:19 2024 +0200
tree781fbae3a7580324891a478fd926fa9f83dd938e
parentca0eaf0096662795a34451d6b43ff803ae7ece27 [diff]
Remove `scorecards-analysis.yaml`, it has not proven any use

diff --git a/.github/workflows/scorecards-analysis.yaml b/.github/workflows/scorecards-analysis.yaml
deleted file mode 100644
index d3c980d..0000000
--- a/.github/workflows/scorecards-analysis.yaml
+++ /dev/null

@@ -1,75 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to you under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-##
-# WARNING: due to a difference in the name of the main branch in
-# `logging-parent` and this repo, Scorecard fails if we use reusable workflows.
-##
-name: scorecards-analysis
-
-on:
-  branch_protection_rule:
-  schedule:
-    - cron: "30 1 * * 6"    # Weekly on Saturdays
-  push:
-    branches: [ "2.x", "main" ]
-
-permissions: read-all
-
-jobs:
-
-  analysis:
-
-    name: "Scorecards analysis"
-    runs-on: ubuntu-latest
-    permissions:
-      # Needed to upload the results to the code-scanning dashboard.
-      security-events: write
-      actions: read
-      id-token: write # This is required for requesting the JWT
-      contents: read  # This is required for actions/checkout
-
-    steps:
-
-      - name: "Checkout code"
-        uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f   # 4.1.3
-        with:
-          persist-credentials: false
-
-      - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736    # 2.3.1
-        with:
-          results_file: results.sarif
-          results_format: sarif
-          # A read-only PAT token, which is sufficient for the action to function.
-          # The relevant discussion: https://github.com/ossf/scorecard-action/issues/188
-          repo_token: ${{ secrets.GITHUB_TOKEN }}
-          # Publish the results for public repositories to enable scorecard badges.
-          # For more details: https://github.com/ossf/scorecard-action#publishing-results
-          publish_results: true
-
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba    # 3.1.0
-        with:
-          name: SARIF file
-          path: results.sarif
-          retention-days: 5
-
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71    # 2.1.22
-        with:
-          sarif_file: results.sarif