Closed mcserep closed 5 months ago
@intjftw Can you please take a look at this and merge it? Not super important, but the CI job keeps failing, and I get notifications.
After the merge, the job still fails, as for the ossf/scorecard-action action, there is no support for semantic version tags (e.g. v2), like for any other GitHub Action. Instead, explicit version tags have to be used.
Fixed 8e84d84e29a0cec6cb0af9f6dcc587ea9ff34480.
The Scorecard job added in #716 started to fail a week after, stating:
See e.g. https://github.com/Ericsson/CodeCompass/actions/runs/8411925535/job/23032110561 for reference.
It is discussed in https://github.com/ossf/scorecard-action/issues/997 that the Scorecard Action should be updated to v2.3.1.
I have replaced the pinned versions with semantic version requirements, so bugfixes and other non-breaking improvements are added automatically to newer pipeline runs. We do not use hash pinning in other CI pipelines either.
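The thread contrasts three ways of referencing an action (commit hash, explicit version tag, floating major tag such as v2) and notes that ossf/scorecard-action offers no floating major tag. The following audit sketch is an added example, not part of this pull request or of CodeCompass; the sample workflow, the hash in it, and the `NO_MAJOR_TAG` set (taken from the thread's statement) are constructed assumptions.

```python
import re

# Constructed sample workflow (not taken from the CodeCompass repository).
SAMPLE_WORKFLOW = """\
jobs:
  analysis:
    steps:
      - uses: actions/checkout@v4
      - uses: ossf/scorecard-action@v2
      - uses: ossf/scorecard-action@v2.3.1
      - uses: actions/upload-artifact@0123456789abcdef0123456789abcdef01234567 # constructed hash
      - uses: ./.github/actions/local-build
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)", re.MULTILINE)

# Assumption, per the thread: this action has no floating major tag (e.g. v2).
NO_MAJOR_TAG = {"ossf/scorecard-action"}

def classify_ref(ref):
    """Classify the part after '@' in a `uses:` reference."""
    if re.fullmatch(r"[0-9a-f]{40}", ref):
        return "commit-hash"      # immutable reference
    if re.fullmatch(r"v?\d+\.\d+\.\d+", ref):
        return "exact-tag"        # explicit version; the tag can still be moved
    if re.fullmatch(r"v?\d+(\.\d+)?", ref):
        return "floating-tag"     # follows new releases automatically
    return "branch-or-other"

def audit_workflow(text):
    """Return (action, ref, kind, note) for every remote action reference."""
    findings = []
    for match in USES_RE.finditer(text):
        target = match.group(1)
        if target.startswith(("./", "docker://")):
            continue              # local actions and images are out of scope
        action, sep, ref = target.partition("@")
        kind = classify_ref(ref) if sep else "unpinned"
        repo = "/".join(action.split("/")[:2])   # owner/repo/path -> owner/repo
        note = ""
        if kind == "floating-tag" and repo in NO_MAJOR_TAG:
            note = "floating tag not available; use an explicit version tag"
        findings.append((action, ref, kind, note))
    return findings

if __name__ == "__main__":
    for action, ref, kind, note in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{action}@{ref}: {kind} {note}".rstrip())
```
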