scorecard pipeline is failing in `master` branch

k8gb-io / k8gb

A cloud native Kubernetes Global Balancer

https://www.k8gb.io

Apache License 2.0

882 stars 93 forks source link

scorecard pipeline is failing in `master` branch #1566

Closed ytsarev closed 4 months ago

ytsarev commented 5 months ago

It's happening for a while, example https://github.com/k8gb-io/k8gb/actions/runs/9150847377

ytsarev commented 5 months ago

@jkremser as a supply chain master, do you see there some obvious fix? :)

jkremser commented 5 months ago

🤞 https://github.com/k8gb-io/k8gb/pull/1567

ytsarev commented 5 months ago

@jkremser, thanks a ton for the quick attempt! https://github.com/k8gb-io/k8gb/actions/runs/9157536246/job/25174078930 unfortunately, it still fails

ytsarev commented 5 months ago

breadcrumb https://github.com/ossf/scorecard-action/issues/997

ytsarev commented 4 months ago

2024/06/30 12:56:35 error signing scorecard json results: error signing payload: getting key from Fulcio: verifying SCT: updating local metadata and targets: error updating to TUF remote mirror: invalid key

which is matching the issue above