From a95e285a77f922a3bbb195df3fc62ad752284d24 Mon Sep 17 00:00:00 2001 From: Seongho Bae Date: Wed, 8 Jul 2026 20:05:09 +0900 Subject: [PATCH] ci: remove local governance workflows duplicated by central required workflows These local workflows duplicate the org-wide CENTRAL required workflows in ContextualWisdomLab/.github (Security Scan = trivy-fs/osv-scan/scorecard, CodeQL PR, OSV-Scanner PR, Scorecard PR) that already run in this repo's context on every PR. Keeping local copies causes double runs, duplicate SARIF uploads, and duplicate CRITICAL/HIGH failures. Removing them so the central required workflow is the single governance gate. Removed: - .github/workflows/scorecard-analysis.yml Co-Authored-By: Claude Opus 4.8 Claude-Session: https://claude.ai/code/session_01RTAMs4bpSZS77Xe3RQjv9P --- .github/workflows/scorecard-analysis.yml | 32 ------------------------ 1 file changed, 32 deletions(-) delete mode 100644 .github/workflows/scorecard-analysis.yml diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml deleted file mode 100644 index fb20228..0000000 --- a/.github/workflows/scorecard-analysis.yml +++ /dev/null @@ -1,32 +0,0 @@ -name: Scorecard - -on: - branch_protection_rule: - schedule: - - cron: '31 9 * * 2' - push: - branches: [main] - -permissions: - contents: read - security-events: write - -jobs: - analysis: - name: Scorecard Analysis - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v7 - with: - persist-credentials: false - - name: Run analysis - uses: ossf/scorecard-action@v2.4.3 - with: - results_file: results.sarif - results_format: sarif - publish_results: false - - name: Upload SARIF - uses: github/codeql-action/upload-sarif@v4 - with: - sarif_file: results.sarif