Merge branch 'main' into main

2025-05-29 17:45:45 +08:00 · 2024-03-26 15:16:32 -04:00 · 2024-03-26 15:16:32 -04:00 · 5a0fe793ec
commit 5a0fe793ec
parent 7cd2c68e2d 25e90e51d7
3 changed files with 25 additions and 27 deletions
--- a/.github/workflows/security_badge.yml
+++ b/.github/workflows/security_badge.yml
@ -1,5 +1,5 @@
 # NOTE: Best to keep all of these remarks in, they might prove useful in the future.
-#       This is basically just the standard one that is sugested on 'new workflow'.
+#       This is basically just the standard one that is suggested on 'new workflow'.

 name: Scorecard supply-chain security
 on:
@ -21,51 +21,42 @@ jobs:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    permissions:
-      # Needed to upload the results to code-scanning dashboard.
+      # Needed for Code scanning upload
      security-events: write
-      # Needed to publish results and get a badge (see publish_results below).
+      # Needed for GitHub OIDC token if publish_results is true
      id-token: write
-      # Uncomment the permissions below if installing in a private repository.
-      # contents: read
-      # actions: read

    steps:
      - name: "Checkout code"
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          persist-credentials: false

      - name: "Run analysis"
-        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
        with:
          results_file: results.sarif
          results_format: sarif
-          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
-          # - you want to enable the Branch-Protection check on a *public* repository, or
-          # - you are installing Scorecard on a *private* repository
-          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
-          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
-
-          # Public repositories:
-          #   - Publish results to OpenSSF REST API for easy access by consumers
-          #   - Allows the repository to include the Scorecard badge.
-          #   - See https://github.com/ossf/scorecard-action#publishing-results.
-          # For private repositories:
-          #   - `publish_results` will always be set to `false`, regardless
-          #     of the value entered here.
+          # Scorecard team runs a weekly scan of public GitHub repos,
+          # see https://github.com/ossf/scorecard#public-data.
+          # Setting `publish_results: true` helps us scale by leveraging your workflow to
+          # extract the results instead of relying on our own infrastructure to run scans.
+          # And it's free for you!
          publish_results: true

-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
+      # Upload the results as artifacts (optional). Commenting out will disable
+      # uploads of run results in SARIF format to the repository Actions tab.
+      # https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts
      - name: "Upload artifact"
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5

-      # Upload the results to GitHub's code scanning dashboard.
+      # Upload the results to GitHub's code scanning dashboard (optional).
+      # Commenting out will disable upload of results to your repo's Code Scanning dashboard
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        uses: github/codeql-action/upload-sarif@83a02f7883b12e0e4e1a146174f5e2292a01e601 # v2.16.4
        with:
          sarif_file: results.sarif
--- a/README.md
+++ b/README.md
@ -26,7 +26,9 @@
 *With hundreds of settings & community-managed print profiles,* <br>
 *Ultimaker Cura is sure to lead your next project to a success.*

-<br>
+**Contribute Printer Profiles?** -- Please [look here](https://github.com/Ultimaker/Cura/wiki/Adding-new-machine-profiles-to-Cura) first. <br>
+**Contribute Translations?** -- Please [look here](https://github.com/Ultimaker/Cura/wiki/Translating-Cura) first.
+
 <br>

 [![Button Building]][Building]   
--- a/resources/i18n/README.md
+++ b/resources/i18n/README.md
@ -0,0 +1,5 @@
+If you aim to contribute translations please [look here](https://github.com/Ultimaker/Cura/wiki/Translating-Cura) first.
+
+In particular, take heed of the following: <br>
+When we're in the release-window (so that's when we have the beta out for the next Cura, but not the final release yet), we're also in the process of updating translations.
+_**If you make a PR with updated or fixed translations within this timespan, it's likely that your additions/changes will be ignored in favour of the 'official' ones, due to how our process is set up.**_