[Github] Fix scorecard action (#131472)

This patch fixes the scorecard action. It is currently failing with an error due to the upload-artifact action being too far out of date. https://github.com/llvm/llvm-project/actions/runs/13865016326/job/38802095257 is an example of a job failure. This patch also bumps the other actions versions while we are at it.
2025-04-16 00:16:30 +00:00 · 2025-03-21 11:26:25 -07:00 · 2025-03-21 11:26:25 -07:00 · 312051591c
commit 312051591c
parent a17b03f0e4
1 changed files with 4 additions and 4 deletions
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@ -31,12 +31,12 @@ jobs:

    steps:
      - name: "Checkout code"
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

      - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
        with:
          results_file: results.sarif
          results_format: sarif
@ -49,7 +49,7 @@ jobs:
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: SARIF file
          path: results.sarif
@ -57,6 +57,6 @@ jobs:

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        uses: github/codeql-action/upload-sarif@80f993039571a6de66594ecaa432875a6942e8e0 # v2.20.6
        with:
          sarif_file: results.sarif