add dependabot (#86)

* update codeql * Add dependabot * add missing id * add scorecard on pr
OfficeDev · Nov 18, 2024 · eaae417 · eaae417
1 parent 725e5ff
commit eaae417
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: daily
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -87,6 +87,7 @@ jobs:
           & $path\MSBuild\Current\Bin\amd64\msbuild.exe /m /p:Configuration="Release" ./FSSHTTPWOPIInspector/Test/WOPIautomation/WOPIautomation.sln
 
       - name: Perform CodeQL Analysis
+        id: analyze
         uses: github/codeql-action/analyze@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
         with:
           category: "/language:${{matrix.language}}"

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -13,6 +13,8 @@ on:
     - cron: '20 7 * * 4' # Run every Thursday at 7:20 UTC
   push:
     branches: ["main"]
+  pull_request:
+    branches: [ "main" ]
 
 # Declare default permissions as read only.
 permissions: read-all