scikit-hep / pyhf

pure-Python HistFactory implementation with tensors and autodiff
https://pyhf.readthedocs.io/
Apache License 2.0
274 stars 81 forks

ci: Add OSSF Scorecard GitHub action #2482

Closed matthewfeickert closed 1 month ago

matthewfeickert commented 1 month ago

Description

* Add the Open Source Security Foundation (OSSF) scorecard GitHub action
  to perform security tests.
   - cf. https://github.com/ossf/scorecard-action
* Change from using branch protection rules to using repository rulesets
  to allow for use of action without personal access tokens.
   - cf. https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets
   - cf. https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional
* Recommended as part of SPEC-8: Supply-Chain Security.
   - cf. https://discuss.scientific-python.org/t/spec-8-supply-chain-security/1163
codecov[bot] commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 98.21%. Comparing base (39d56f1) to head (199a50b).

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##             main    #2482   +/-   ##
=======================================
  Coverage   98.21%   98.21%
=======================================
  Files          69       69
  Lines        4543     4543
  Branches      804      804
=======================================
  Hits         4462     4462
  Misses         48       48
  Partials       33       33
```

| Flag | Coverage Δ |
|---|---|
| contrib | 97.79% <ø> (ø) |
| doctest | 98.08% <ø> (ø) |
| unittests-3.10 | 96.23% <ø> (ø) |
| unittests-3.11 | 96.23% <ø> (ø) |
| unittests-3.12 | 96.23% <ø> (ø) |
| unittests-3.8 | 96.25% <ø> (ø) |
| unittests-3.9 | 96.27% <ø> (ø) |

Flags with carried forward coverage won't be shown. See https://docs.codecov.io/docs/carryforward-flags#carryforward-flags-in-the-pull-request-comment to find out more.

matthewfeickert commented 1 month ago

I'm going to approve and merge this myself. As always, PRs approved by a single core dev can be reverted as needed by the rest of the dev team.