Add OSP Reusable Workflow for Scans

[leordev]

Similar to TBD54566975/developer.tbd.website#1348

It also include the OSSF Scan checks.

PS: Note that it's fine to reuse a workflow without pinning the dependency because OSSF checks for the nested workflow. (In this case we are setting to main branch TBD54566975/open-source-programs/.github/workflows/security.yml@main ).

[github-actions]

TBDocs Report

🛑 Errors: 0
⚠️ Warnings: 4

@web5/api

• Project entry file: packages/api/src/index.ts

@web5/crypto

• Project entry file: packages/crypto/src/index.ts

@web5/crypto-aws-kms

• Project entry file: packages/crypto-aws-kms/src/index.ts

📄 File: ./packages/crypto-aws-kms/src/ecdsa.ts
⚠️ extractor:typedoc:missing-docs: EcdsaAlgorithm (Class) does not have any documentation.

📄 File: ./packages/crypto-aws-kms/src/key-manager.ts
⚠️ extractor:typedoc:missing-docs: AwsKeyManager (Class) does not have any documentation.

📄 File: ./packages/crypto-aws-kms/src/utils.ts
⚠️ extractor:typedoc:missing-docs: getKeySpec (CallSignature) does not have any documentation.

🔀 Misc.
⚠️ extractor:typedoc:invalid-link: Failed to resolve link to "@web5/crypto#Secp256k1.adjustSignatureToLowS | here" in comment for EcdsaAlgorithm.sign. You may have wanted "@web5/crypto!Secp256k1.adjustSignatureToLowS | here"

@web5/dids

• Project entry file: packages/dids/src/index.ts

@web5/credentials

• Project entry file: packages/credentials/src/index.ts

---

TBDocs Report Updated at 2024-04-03T15:47:30Z 810ed68

[codecov-commenter]

Codecov Report

Merging #467 (1728401) into main (070d892) will increase coverage by 2.86%.
Report is 1 commits behind head on main.
The diff coverage is n/a.

❗ Current head 1728401 differs from pull request most recent head 810ed68. Consider uploading reports for the commit 810ed68 to get more accurate results

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #467      +/-   ##
==========================================
+ Coverage   90.54%   93.40%   +2.86%     
==========================================
  Files         112       80      -32     
  Lines       29085    24014    -5071     
  Branches     2078     1925     -153     
==========================================
- Hits        26335    22431    -3904     
+ Misses       2715     1538    -1177     
- Partials       35       45      +10     

Components	Coverage Δ
agent	88.72% <ø> (+9.89%)	⬆️
api	97.30% <ø> (-0.44%)	⬇️
common	98.68% <ø> (ø)
credentials	94.95% <ø> (-0.26%)	⬇️
crypto	93.81% <ø> (ø)
dids	97.65% <ø> (ø)
identity-agent	56.81% <ø> (-39.89%)	⬇️
crypto-aws-kms	100.00% <ø> (ø)
proxy-agent	58.43% <ø> (-38.28%)	⬇️
user-agent	55.22% <ø> (-41.49%)	⬇️

[thehenrytsai]

@leordev Nice work for abstracting these workflows away from the dependent repos!