Update scorecard action to v2.0.3 (#3162)
Supersedes https://github.com/dart-lang/dartdoc/pull/3159
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index 557b816..e52c752 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -15,17 +15,18 @@
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
+ id-token: write
actions: read
contents: read
steps:
- name: "Checkout code"
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.0
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
with:
persist-credentials: false
- name: "Run analysis"
- uses: ossf/scorecard-action@ce330fde6b1a5c9c75b417e7efc510b822a35564 # v1.0.4
+ uses: ossf/scorecard-action@865b4092859256271290c77adbd10a43f4779972
with:
results_file: results.sarif
results_format: sarif
@@ -40,7 +41,7 @@
# Upload the results as artifacts (optional).
- name: "Upload artifact"
- uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.0.0
+ uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
with:
name: SARIF file
path: results.sarif
@@ -48,6 +49,6 @@
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@b398f525a5587552e573b247ac661067fafa920b # v1.0.26
+ uses: github/codeql-action/upload-sarif@b398f525a5587552e573b247ac661067fafa920b
with:
sarif_file: results.sarif