From 225232ee33085a0f962870714ae8476a1fcb9c5d Mon Sep 17 00:00:00 2001
From: Joyce
Date: Wed, 19 Oct 2022 11:33:18 -0300
Subject: [PATCH 1/9] Create scorecards.yml
---
 .github/workflows/scorecards.yml | 64 ++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)
 create mode 100644 .github/workflows/scorecards.yml
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
new file mode 100644
index 0000000..aa6b9ca
--- /dev/null
+++ b/.github/workflows/scorecards.yml
@@ -0,0 +1,64 @@
+name: Scorecards supply-chain security
+on:
+ # Only the default branch is supported.
+ branch_protection_rule:
+ schedule:
+ - cron: '42 6 * * 2'
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+ analysis:
+ name: Scorecards analysis
+ runs-on: ubuntu-latest
+ permissions:
+ # Needed to upload the results to code-scanning dashboard.
+ security-events: write
+ # Used to receive a badge.
+ id-token: write
+ # Needs for private repositories.
+ contents: read
+ actions: read
+
+ steps:
+ - name: "Checkout code"
+ uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0
+ with:
+ persist-credentials: false
+
+ - name: "Run analysis"
+ uses: ossf/scorecard-action@e363bfca00e752f91de7b7d2a77340e2e523cb18 # tag=v2.0.4
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
+ # - you want to enable the Branch-Protection check on a *public* repository, or
+ # - you are installing Scorecards on a *private* repository
+ # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+ # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
+
+ # Publish the results for public repositories to enable scorecard badges. For more details, see
+ # https://github.com/ossf/scorecard-action#publishing-results.
+ # For private repositories, `publish_results` will automatically be set to `false`, regardless
+ # of the value entered here.
+ publish_results: true
+
+ # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+ # format to the repository Actions tab.
+ - name: "Upload artifact"
+ uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0
+ with:
+ name: SARIF file
+ path: results.sarif
+ retention-days: 5
+
+ # Upload the results to GitHub's code scanning dashboard.
+ - name: "Upload to code-scanning"
+ uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26
+ with:
+ sarif_file: results.sarif
From b0b7a6cab9e0728507e6d5d00806e36ecefca8cb Mon Sep 17 00:00:00 2001
From: Joyce
Date: Wed, 19 Oct 2022 12:28:21 -0300
Subject: [PATCH 2/9] Disable upload on pull request
---
 .github/workflows/scorecards.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index aa6b9ca..7227ba2 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -59,6 +59,7 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
+ if: ${{ github.event_name != 'pull_request' }}
 uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26
 with:
 sarif_file: results.sarif
From 475b21e0628bed618c9f3dac51f3bc72bdfd7a97 Mon Sep 17 00:00:00 2001
From: Joyce
Date: Thu, 17 Nov 2022 11:10:29 -0300
Subject: [PATCH 3/9] fix: upgrade codeql in scorecard.yml
---
 .github/workflows/scorecards.yml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 7227ba2..1371df4 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -21,9 +21,6 @@ jobs:
 security-events: write
 # Used to receive a badge.
 id-token: write
- # Needs for private repositories.
- contents: read
- actions: read
 steps:
 - name: "Checkout code"
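Review bot: The `pull_request:` / `branches: [ "master" ]` trigger contradicts the hunk's own comment `# Only the default branch is supported.`, and on pull requests opened from forks the GITHUB_TOKEN is read-only, so the `security-events: write` and `id-token: write` this job requests are not granted there and the `Upload to code-scanning` step will fail for external contributors. I would remove the two `pull_request` lines and keep `branch_protection_rule`, `schedule` and `push`, which the comment indicates are the supported events. The full-SHA pins with `# tag=` comments and `persist-credentials: false` are good; the tag comments should be kept in sync with the hashes (for example by Dependabot) so they do not drift.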
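Review bot: Guarding only the `Upload to code-scanning` step with `if: ${{ github.event_name != 'pull_request' }}` leaves the `Run analysis` and `Upload artifact` steps executing on every pull request, and the file's comment above `branch_protection_rule:` says only the default branch is supported, so a pull-request run will presumably still fail or produce an unusable result earlier in the job. If pull-request runs are not wanted, removing the `pull_request:` trigger is cleaner than a per-step skip. Minor style point: the `${{ }}` wrapper is optional in `if:`, so `if: github.event_name != 'pull_request'` reads the same.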
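Review bot: Dropping `contents: read` and `actions: read` from the job's `permissions:` is unrelated to the subject `fix: upgrade codeql in scorecard.yml` and silently narrows the token: a job-level `permissions:` block sets every scope it does not list to none, so after this hunk the job holds only `security-events: write` and `id-token: write`. The removed comment `# Needs for private repositories.` documents exactly when that breaks, so if the repository is ever made private the checkout and scorecard steps lose read access with no hint in the file why. I would keep the two lines, or at least move the permission change into its own commit whose message states why it is safe for this repository.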
@@ -60,6 +57,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
 if: ${{ github.event_name != 'pull_request' }}
- uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26
+ uses: github/codeql-action/upload-sarif@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # tag=v2.1.31
 with:
 sarif_file: results.sarif
From 92ac75be4a1d9989abf566f5a4fae926c649c523 Mon Sep 17 00:00:00 2001
From: Joyce
Date: Thu, 17 Nov 2022 11:14:09 -0300
Subject: [PATCH 4/9] test: remove skip if pull request
---
 .github/workflows/scorecards.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 1371df4..98b60ea 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -56,7 +56,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- if: ${{ github.event_name != 'pull_request' }}
 uses: github/codeql-action/upload-sarif@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # tag=v2.1.31
 with:
 sarif_file: results.sarif
From 3103ace24e122f174cbaaa2eb7316b249a0bc6e7 Mon Sep 17 00:00:00 2001
From: Joyce
Date: Thu, 1 Dec 2022 10:54:05 -0300
Subject: [PATCH 5/9] Update scorecards.yml
---
 .github/workflows/scorecards.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 98b60ea..0200417 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -6,7 +6,7 @@ on:
 - cron: '42 6 * * 2'
 push:
 branches: [ "master" ]
- pull_request:
+ pull_request_target:
 branches: [ "master" ]
 # Declare default permissions as read only.
From fb5a8a7c69ec7fafc6ecc9cf494fcce68aa62578 Mon Sep 17 00:00:00 2001
From: Joyce
Date: Thu, 1 Dec 2022 10:58:06 -0300
Subject: [PATCH 6/9] Update scorecards.yml
---
 .github/workflows/scorecards.yml | 1 +
 1 file changed, 1 insertion(+)
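Review bot: Removing the `if: ${{ github.event_name != 'pull_request' }}` guard makes `Upload to code-scanning` run on pull_request events again, and pull requests from forks get a read-only GITHUB_TOKEN without the `security-events: write` this step needs, so the upload will fail for external contributors. The subject `test: remove skip if pull request` reads as an experiment rather than a decision; if it is meant to land on `master`, either the `pull_request` trigger should go (the file's comment says only the default branch is supported) or the upload should stay limited to non-PR runs with `if: github.event_name != 'pull_request'`. The guarded step is fully inside the hunk.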
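Review bot: Switching the trigger from `pull_request` to `pull_request_target` runs this workflow for pull requests from forks with the base repository's GITHUB_TOKEN and secrets, and this job additionally requests `id-token: write` and `security-events: write`, so an OIDC token and code-scanning write access are minted on behalf of untrusted contributors. As written the `Checkout code` step does not set `ref:`, so it checks out the base branch rather than the fork's head and no untrusted code runs yet, but the commented `repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}` becomes reachable from fork PRs, and any later `ref: ${{ github.event.pull_request.head.sha }}` would turn this into code execution with those permissions. The file's own comment says only the default branch is supported, so I would drop the pull-request trigger entirely instead of moving to `pull_request_target`; if PR runs are genuinely needed, stay on `pull_request` with read-only permissions. The `on:` block this hunk edits begins outside the hunk.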
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 0200417..b851b57 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -8,6 +8,7 @@ on:
 branches: [ "master" ]
 pull_request_target:
 branches: [ "master" ]
+ types: [opened, reopened, synchronize]
 # Declare default permissions as read only.
 permissions: read-all
From 0c8071b2726e1ab89310543853890c81f14544cf Mon Sep 17 00:00:00 2001
From: Joyce
Date: Thu, 1 Dec 2022 11:01:07 -0300
Subject: [PATCH 7/9] Update scorecards.yml
---
 .github/workflows/scorecards.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index b851b57..98b60ea 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -6,9 +6,8 @@ on:
 - cron: '42 6 * * 2'
 push:
 branches: [ "master" ]
- pull_request_target:
+ pull_request:
 branches: [ "master" ]
- types: [opened, reopened, synchronize]
 # Declare default permissions as read only.
 permissions: read-all
From 0e7f523863b742cc9ae9873ef318d5c0463859d9 Mon Sep 17 00:00:00 2001
From: Joyce
Date: Fri, 9 Dec 2022 17:02:47 -0300
Subject: [PATCH 8/9] Test if solves the error on run
---
 .github/workflows/scorecards.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 98b60ea..854e744 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -29,7 +29,7 @@ jobs:
 persist-credentials: false
 - name: "Run analysis"
- uses: ossf/scorecard-action@e363bfca00e752f91de7b7d2a77340e2e523cb18 # tag=v2.0.4
+ uses: laurentsimon/scorecard-action@fix/emptyprs
 with:
 results_file: results.sarif
 results_format: sarif
From 947b25900104a7b069feb51426e97059f6773c04 Mon Sep 17 00:00:00 2001
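Review bot: `uses: laurentsimon/scorecard-action@fix/emptyprs` references a mutable branch on a personal fork, so the code that runs with this job's `id-token: write` and `security-events: write` permissions can change at any time without any commit to this repository, and it regresses from the full-SHA pin with `# tag=v2.0.4` on the removed line. Even for a temporary experiment, pin the exact commit you tested, `uses: laurentsimon/scorecard-action@<40-hex-commit-sha> # branch fix/emptyprs`, so the run is reproducible and the referenced code cannot drift. The subject `Test if solves the error on run` suggests this is diagnostic and should not be merged to `master` as is. The `Run analysis` step's `with:` block continues past the hunk.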
From: Joyce
Date: Fri, 16 Dec 2022 10:29:34 -0300
Subject: [PATCH 9/9] Upgrade scorecard to 2.1.0
---
 .github/workflows/scorecards.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 854e744..8805a38 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -29,7 +29,7 @@ jobs:
 persist-credentials: false
 - name: "Run analysis"
- uses: laurentsimon/scorecard-action@fix/emptyprs
+ uses: ossf/scorecard-action@937ffa90d79c7d720498178154ad4c7ba1e4ad8c # tag=v2.1.0
 with:
 results_file: results.sarif
 results_format: sarif