Spaces:

Tachygraphy-Microtext-Normalization-IEMK25
/

Tachygraphy-Microtext-Analysis-and-Normalization-ArchismanCoder

Sleeping

App Files Files Community

Archisman Karmakar commited on Mar 19

Commit

0b19c18

unverified ·

1 Parent(s): 3bc6b36

Update ossar.yml

Browse files

Files changed (1) hide show

.github/workflows/ossar.yml +26 -34

.github/workflows/ossar.yml CHANGED Viewed

@@ -12,7 +12,6 @@ on:
   push:
     branches: [ "main" ]
   pull_request:
-    # The branches below must be a subset of the branches above
     branches: [ "main" ]
   schedule:
     - cron: '0 0 * * *'
@@ -22,48 +21,41 @@ permissions:
 jobs:
   OSSAR-Scan:
-    # OSSAR runs on windows-latest.
-    # ubuntu-latest and macos-latest support coming soon
     permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
     runs-on: windows-latest
     steps:
-    - name: Enable long paths in Git
-      run: git config --system core.longpaths true
-    - name: Checkout repository
-      uses: actions/checkout@v4
-      with:
-        clean: true
-        fetch-depth: 1  # Fetch only the latest commit
-    # Ensure a compatible version of dotnet is installed.
-    # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
-    # A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action.
-    # GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped.
-    # For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action:
-    # - name: Install .NET
-    #   uses: actions/setup-dotnet@v4
-    #   with:
-    #     dotnet-version: '3.1.x'
       # Run open source static analysis tools
-    - name: Run OSSAR
-      uses: github/ossar-action@v1
-      id: ossar
       # Upload results to the Security tab
-    - name: Upload OSSAR results
-      uses: github/codeql-action/upload-sarif@v3
-      with:
-        sarif_file: ${{ steps.ossar.outputs.sarifFile }}
-    # Added this to protect failed checks
-    - name: Fail on findings
-      if: steps.ossar.outputs.exit_code != '0'
-      run: exit 1

   push:
     branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
   schedule:
     - cron: '0 0 * * *'
 jobs:
   OSSAR-Scan:
     permissions:
+      contents: read             # for actions/checkout to fetch code
+      security-events: write     # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read              # required for a private repository by github/codeql-action/upload-sarif
     runs-on: windows-latest
     steps:
+      - name: Enable long paths in Git
+        run: git config --system core.longpaths true
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          clean: true
+          fetch-depth: 1  # Fetch only the latest commit
+      # Uncomment the next step if you are using a self-hosted runner that does not have a compatible .NET version installed.
+      # - name: Install .NET
+      #   uses: actions/setup-dotnet@v4
+      #   with:
+      #     dotnet-version: '3.1.x'
       # Run open source static analysis tools
+      - name: Run OSSAR
+        uses: github/ossar-action@v1
+        id: ossar
       # Upload results to the Security tab
+      - name: Upload OSSAR results
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: ${{ steps.ossar.outputs.sarifFile }}
+      # Added this to protect failed checks
+      - name: Fail on findings
+        if: steps.ossar.outputs.exit_code != '0'
+        run: exit 1