mohammed90 (Member) commented Jun 12, 2025

It helps avoid conflicting licenses amongst other benefits.

This is a draft until I configure it to our liking (knobs).

Signed-off-by: Mohammed Al Sahaf <[email protected]>
@mohammed90 mohammed90 added the CI/CD 🔩 Automated tests, releases label Jun 12, 2025
@mohammed90 mohammed90 marked this pull request as ready for review June 12, 2025 22:03
mohammed90 (Member, Author) commented Jun 12, 2025

We need to go through these (https://scorecard.dev/) and the scorecard to improve the scoring:
https://github.com/ossf/scorecard/blob/main/docs/checks.md

mholt (Member) left a comment

Ah, thanks! This should tick some boxes in our list.

Hopefully the permissions don't break releases, but it doesn't look like they would. (We can always test with a RC or something.)

@mohammed90 mohammed90 changed the title from "ci: add dep review action" to "ci: add dep review, OSSF scorecard actions" Jun 12, 2025
@mohammed90 mohammed90 enabled auto-merge (squash) June 12, 2025 23:35
@mohammed90 mohammed90 merged commit 7a33f48 into master Jun 12, 2025
24 checks passed
@mohammed90 mohammed90 deleted the add-dep-review-action branch June 12, 2025 23:40
@francislavoie francislavoie added this to the v2.10.1 milestone Aug 22, 2025
mohammed90 added a commit to cedricziel/caddy that referenced this pull request Aug 29, 2025
* ci: add dep review action

Signed-off-by: Mohammed Al Sahaf <[email protected]>

* sprinkle permissions on Actions jobs

Signed-off-by: Mohammed Al Sahaf <[email protected]>

* README: add OpenSSF best practices badge

Signed-off-by: Mohammed Al Sahaf <[email protected]>

* add draft OpenSSF Scorecard workflow

Signed-off-by: Mohammed Al Sahaf <[email protected]>

---------

Signed-off-by: Mohammed Al Sahaf <[email protected]>