From a507d3351128b5c6e4b1415fda9fb4871015baa4 Mon Sep 17 00:00:00 2001
From: Boris Glimcher <36732377+glimchb@users.noreply.github.com>
Date: Wed, 5 Jul 2023 13:23:49 -0400
Subject: [PATCH] Add OpenSSF scorecard workflow

Ensure following best open source security practices by monitoring
OpenSSF score of the project.

Signed-off-by: Boris Glimcher <36732377+glimchb@users.noreply.github.com>
---
 .github/workflows/scorecard.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 .github/workflows/scorecard.yml

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
new file mode 100644
index 00000000..224ea6ca
--- /dev/null
+++ b/.github/workflows/scorecard.yml
@@ -0,0 +1,22 @@
+name: OpenSSF
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+permissions:
+  contents: read
+
+jobs:
+  call:
+    permissions:
+      # Keep in sync with opi-smbios-bridge, no direct way to inherit permissions
+      contents: read
+      security-events: write
+      id-token: write
+      actions: read
+    uses: opiproject/opi-smbios-bridge/.github/workflows/scorecard.yml@main
+    secrets: inherit