ci: Adding workflow to gather contributors

[sscheib]

SUMMARY

ISSUE TYPE

• Bugfix Pull Request
• Continuous Integration (CI) Pull Request
• Docs Pull Request
• Feature Pull Request
• Test Pull Request

ADDITIONAL INFORMATION

[github-actions[bot]]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.
• ⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

OpenSSF Scorecard

Package	Version	Score	Details
actions/github/contributors	135b0430e856ade27175cbd1d4e1e11b0dd8ef95	:green_circle: 8.4	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: 4 branch protection is not maximal on development and all release branches CI-Tests :green_circle: 10 15 out of 15 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :warning: -1 Found no human activity in the last 15 changesets Contributors :green_circle: 10 project has 17 contributing companies or organizations Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :green_circle: 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Packaging :green_circle: 10 packaging workflow detected Pinned-Dependencies :green_circle: 6 dependency not pinned by hash detected -- score normalized to 6 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected
actions/peter-evans/create-issue-from-file	24452a72d85239eacf1468b0f1982a9f3fec4c94	:warning: 5.3	Details Check Score Reason Code-Review :warning: -1 Found no human activity in the last 30 changesets Maintained :green_circle: 10 12 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing :warning: 0 project is not fuzzed Security-Policy :warning: 0 security policy file not detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
actions/step-security/harden-runner	5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde	:green_circle: 8.8	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 14 out of 14 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 6 project has 2 contributing companies or organizations -- score normalized to 6 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :green_circle: 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Packaging :warning: -1 packaging workflow not detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :green_circle: 9 SAST tool detected but not run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/contributors.yml

• github/contributors@135b0430e856ade27175cbd1d4e1e11b0dd8ef95
• peter-evans/create-issue-from-file@24452a72d85239eacf1468b0f1982a9f3fec4c94
• step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde

[sscheib]

:tada: This PR is included in version 1.4.7 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: