From 0ca614bd019ce629391c308403eeacf976baaf5f Mon Sep 17 00:00:00 2001
From: hmgowda
Date: Mon, 30 Sep 2024 22:19:01 -0700
Subject: [PATCH] Added checks to improve openssf score (#98)

---
 .github/workflows/onmergerelease.yml |  6 ++++--
 .github/workflows/onpullrequest.yml  | 24 ++++++++++++++++++-----
 LICENSE                              | 29 ++++++++++++++++++++++++++++
 3 files changed, 52 insertions(+), 7 deletions(-)
 create mode 100644 LICENSE

diff --git a/.github/workflows/onmergerelease.yml b/.github/workflows/onmergerelease.yml
index 75d7e0a..fae1d5e 100644
--- a/.github/workflows/onmergerelease.yml
+++ b/.github/workflows/onmergerelease.yml
@@ -8,6 +8,8 @@ on:
     tags:
       - '**'
 
+permissions: read-all
+
 jobs:
   build-test-scan:
     runs-on: [ ubuntu-20.04 ]
@@ -16,12 +18,12 @@ jobs:
       https_proxy: ${{ secrets.HTTPS_PROXY }}
       no_proxy: ${{ secrets.NO_PROXY }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
         with:
           fetch-depth: 0
 
       - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
         with:
           go-version: '1.22'
 
diff --git a/.github/workflows/onpullrequest.yml b/.github/workflows/onpullrequest.yml
index 55a0082..53389cb 100644
--- a/.github/workflows/onpullrequest.yml
+++ b/.github/workflows/onpullrequest.yml
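Review bot: The new workflow-level `permissions: read-all` is the right default, but this workflow fires on tag pushes and the job it gates is named build-test-scan; if any step later in that job (the rest of the job is outside this hunk) creates a release, pushes a package or uploads scan results with GITHUB_TOKEN, it will now fail with a 403. Keep the read-only workflow default and grant only what that job needs at job level, e.g. a `permissions:` block directly under `build-test-scan:` with `contents: write` for release publishing or `security-events: write` for a SARIF upload. If no such step exists, nothing further is needed here.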
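Review bot: The checkout pin on the `- uses:` line resolves to v2.7.0, an older major line, while the new security-file-check job added to onpullrequest.yml in this same commit pins actions/checkout at v3.6.0; the two workflows should pin the same revision, e.g. `- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0`. The `# v2.7.0` and `# v4.1.0` comments are what a human reviewer reads, but nothing in the repo verifies that each hash really is that tag, so it is worth letting Dependabot or Renovate manage these pins so the hash and the comment move together. I could not confirm the hash-to-tag mapping from this page alone.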
@@ -3,20 +3,34 @@ name: OnPullRequest
 on:
   pull_request:
 
+permissions: read-all
+
 jobs:
+
+  security-file-check:
+    runs-on: [ ubuntu-20.04 ]
+    steps:
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        with:
+          fetch-depth: 0
+
+      - name: Check Security.md file
+        run: |
+          if [ ! -f ./Security.md ]; then
+            echo "Security.md file is missing"
+            exit 1
+          fi
+
   build-test-scan:
     runs-on: [ ubuntu-20.04 ]
+    needs: [ "security-file-check" ]
     env:
       http_proxy: ${{ secrets.HTTP_PROXY }}
       https_proxy: ${{ secrets.HTTPS_PROXY }}
       no_proxy: ${{ secrets.NO_PROXY }}
     steps:
-      - uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-
       - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
         with:
           go-version: '1.22'
 
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..368624c
--- /dev/null
+++ b/LICENSE
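Review bot: The removed `- uses: actions/checkout@v2` block in build-test-scan is not replaced, so after this change that job has no checkout step before `Setup Go`; each job runs on its own runner and `needs:` does not carry the workspace over from security-file-check, so any later build or test step will run in an empty workspace unless a checkout exists further down the job, outside this hunk. Re-add the step with the same pin used in the new job above, `- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0` followed by `with:` and `fetch-depth: 0`, which is presumably what the SHA-pinning intended. Separately, `[ ! -f ./Security.md ]` is case-sensitive on the Linux runner and only looks at the repository root, whereas GitHub and, as I understand it, the Scorecard Security-Policy check also accept SECURITY.md and the .github/ and docs/ locations, so this gate can fail a repository that does have a policy; a `find . -maxdepth 2 -iname 'security.md'` style lookup would track the checker's behaviour more closely. The `fetch-depth: 0` on the security-file-check checkout pulls full history for a file-existence test and can be dropped.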
@@ -0,0 +1,29 @@
+Copyright (c) 2022-2023 Intel Corporation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.