Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: define scorecard workflow #5764

Merged
merged 1 commit into from
Aug 24, 2024
Merged

Conversation

mmorel-35
Copy link
Contributor

@mmorel-35 mmorel-35 commented Aug 24, 2024

📑 Summary

Create a ascorecard workflow. It also provide the associated badge to provide public information about the conformity with OpenSSF best practices concerning security.

This PR also fixes the "Pinned dependencies" issues with github-actions.

This was done with the help of https://app.stepsecurity.io/secureworkflow

📏 Design Decisions

Describe the way your implementation works or what design decisions you made if applicable.

📋 Tasks

Make sure you

  • 📖 have read the contribution guidelines
  • 💻 have added necessary unit/e2e tests.
  • 📓 have added documentation. Make sure MERMAID_RELEASE_VERSION is used for all new features.
  • 🦋 If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running pnpm changeset and following the prompts. Changesets that add features should be minor and those that fix bugs should be patch. Please prefix changeset messages with feat:, fix:, or chore:.

Copy link

changeset-bot bot commented Aug 24, 2024

⚠️ No Changeset found

Latest commit: 83ee06e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@mmorel-35 mmorel-35 requested a review from sidharthv96 August 24, 2024 09:29
Copy link

netlify bot commented Aug 24, 2024

Deploy Preview for mermaid-js ready!

Name Link
🔨 Latest commit 83ee06e
🔍 Latest deploy log https://app.netlify.com/sites/mermaid-js/deploys/66c9b1878c5d040008442b77
😎 Deploy Preview https://deploy-preview-5764--mermaid-js.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

Copy link

codecov bot commented Aug 24, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 5.21%. Comparing base (534d3dd) to head (83ee06e).
Report is 2 commits behind head on develop.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##           develop   #5764      +/-   ##
==========================================
- Coverage     5.21%   5.21%   -0.01%     
==========================================
  Files          322     323       +1     
  Lines        46083   46094      +11     
  Branches       561     536      -25     
==========================================
  Hits          2402    2402              
- Misses       43681   43692      +11     
Flag Coverage Δ
unit 5.21% <ø> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 1 file with indirect coverage changes

@mmorel-35 mmorel-35 force-pushed the scorecard branch 3 times, most recently from 2836774 to 2546a7e Compare August 24, 2024 09:34
Copy link

argos-ci bot commented Aug 24, 2024

The latest updates on your projects. Learn more about Argos notifications ↗︎

Build Status Details Updated (UTC)
default (Inspect) 👍 Changes approved 1 changed Aug 24, 2024, 10:24 AM

@mmorel-35
Copy link
Contributor Author

@sidharthv96 ,
I'm going to rebase after #5765 is merged

@mmorel-35 mmorel-35 marked this pull request as ready for review August 24, 2024 10:10
@sidharthv96 sidharthv96 enabled auto-merge August 24, 2024 10:11
@sidharthv96 sidharthv96 added this pull request to the merge queue Aug 24, 2024
Merged via the queue into mermaid-js:develop with commit cac60db Aug 24, 2024
19 checks passed
@mmorel-35 mmorel-35 deleted the scorecard branch August 24, 2024 10:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants