From 99230c9dbf3faa1a676f0cb5ffaba84c41f17b30 Mon Sep 17 00:00:00 2001
From: Michael Mortensen <michael@geekle.io>
Date: Fri, 15 Nov 2024 20:31:53 +0100
Subject: [PATCH] Ossf/gha scorecard (#24)

:bug: fix support for OpenSSF Scorecard
---
 .github/workflows/pipelines.yml | 6 ++----
 .github/workflows/scorecard.yml | 4 ++--
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/pipelines.yml b/.github/workflows/pipelines.yml
index 1f7ce31..abed2f6 100644
--- a/.github/workflows/pipelines.yml
+++ b/.github/workflows/pipelines.yml
@@ -5,17 +5,15 @@ on:
     paths-ignore:
       - .codecov/**
       - .docfx/**
-      - .github/**
       - .nuget/**
-      - '**.md'
+      - '**/*.md'
   push:
     branches: [main]
     paths-ignore:
       - .codecov/**
       - .docfx/**
-      - .github/**
       - .nuget/**
-      - '**.md'
+      - '**/*.md'
   workflow_dispatch:
     inputs:
       configuration:
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index bf9d97c..aabea97 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -23,14 +23,14 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@v2
+        uses: ossf/scorecard-action@v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif
           publish_results: true
 
       - name: "Upload artifact"
-        uses: actions/upload-artifact@4
+        uses: actions/upload-artifact@v4
         with:
           name: SARIF file
           path: results.sarif