ci: Add Scorecard workflow

Signed-off-by: noa limoy <[email protected]>

Author: noalimoy

.github/workflows/scorecard.yaml

@@ -11,8 +11,19 @@ on:
   # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
   schedule:
     - cron: '16 21 * * 1'
-  push:
-    branches: [ "main" ]
+
+  # Allow manual triggering with branch selection
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: 'Branch to scan'
+        required: true
+        default: 'main'
+        type: choice
+        options:
+          - main
+          - notebooks-v1
+          - notebooks-v2
 
 # Declare default permissions as read only.
 permissions: read-all
@@ -32,7 +43,8 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        id: checkout
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
 
@@ -54,14 +66,14 @@ jobs:
           # For private repositories:
           #   - `publish_results` will always be set to `false`, regardless
           #     of the value entered here.
-          publish_results: true
+          publish_results: false
 
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
-          name: SARIF file
+          name: SARIF file - ${{ github.event.inputs.branch || 'main' }}
           path: results.sarif
           retention-days: 5