Scorecard fixes (#236) #29

	name: "Static analysis"

	on:
	push:
	branches: [ "master" ]

	# Declare default permissions as read only.
	permissions: read-all

	jobs:
	static-analysis:
	name: Run ledger static analysis
	runs-on: ubuntu-20.04

	steps:
	- name: Checkout this repo
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2

	- name: Build the ledger docker image
	run: docker/ledger/build

	- name: Run static analysis
	id: static-analysis
	continue-on-error: true
	run: \|
	firmware/static-analysis/gen-static-analysis

	- name: Upload static analysis reports
	uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b #v4.5.0
	with:
	name: static-analysis-reports
	path: firmware/static-analysis/output

	- name: Report static analysis findings
	if: steps.static-analysis.outcome != 'success'
	run: \|
	echo "Static analysis reported findings. Check static-analysis-reports for a complete report." \
	> $GITHUB_STEP_SUMMARY

Provide feedback