nodejs / security-wg

Node.js Ecosystem Security Working Group
MIT License

Workflows failing due repo config #908

Closed UlisesGascon closed 1 year ago

UlisesGascon commented 1 year ago

The OpenSSF Scoring workflow is failing as we had changed the rules in the repo to make main a protected branch:

Pushing changes to database and report
/usr/bin/git push origin --force --no-verify --repo ***github.com/undefined.git
remote: error: GH006: Protected branch update failed for refs/heads/main.        
remote: error: At least 1 approving review is required by reviewers with write access.        
To https://github.com/nodejs/security-wg
 ! [remote rejected] main -> main (protected branch hook declined)

You can check the settings here. I believe that we might make it work by disabling the "Do not allow bypassing the above settings" option. But this might impact the scorecard for nodejs/security-wg.

RafaelGSS commented 1 year ago

Sending a PR should be the best choice

UlisesGascon commented 1 year ago

Also the update core index.js is failing:

[Screenshot 2023-03-18 at 15 55 08]

I assume the same will happen with Update Npm Index as it will require write permissions.

UlisesGascon commented 1 year ago

Maybe the best option for now is to disable the protection to a level that the workflows can commit to main?

UlisesGascon commented 1 year ago

As agreed at the last meeting, the approach will be to migrate the GitHub Actions with writing permissions to send a PR with the changes:

In the meantime I can keep my fork running the actions and I can PR the changes until we make the refactor, as my fork does not include the branch protections. This won't negatively impact the scorecard as it is a PR that we will review 😉
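
An added example (not part of the thread and not the security-wg project's own workflow) of the approach described above: the job pushes its changes to a side branch and opens a PR, so nothing is pushed to the protected main branch. The workflow name, schedule, branch name and `tools/generate-report.sh` script are assumptions.

```yaml
# Added example. Values marked "assumed" are hypothetical placeholders.
name: Update report via pull request        # assumed name

on:
  schedule:
    - cron: "0 0 * * 0"                     # assumed schedule
  workflow_dispatch:

# Read-only by default; write scopes are granted to the one job that needs them.
permissions:
  contents: read

jobs:
  update:
    runs-on: ubuntu-latest
    permissions:
      contents: write        # push the side branch (never main)
      pull-requests: write   # open the PR
    steps:
      # In practice, pin the action to a full commit SHA instead of a tag.
      - uses: actions/checkout@v4

      - name: Generate changes
        run: ./tools/generate-report.sh     # assumed script that edits tracked files

      - name: Push side branch and open PR
        env:
          GH_TOKEN: ${{ github.token }}
          BRANCH: automation/report-update  # assumed branch name
        run: |
          set -euo pipefail
          # Nothing to propose if the generator produced no diff.
          if [ -z "$(git status --porcelain)" ]; then
            echo "No changes"; exit 0
          fi
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git checkout -B "$BRANCH"
          git add -A
          git commit -m "chore: update generated report"
          # Force-push only the side branch; branch protection on main is untouched.
          git push --force origin "$BRANCH"
          # Reuse the open PR for this branch if one already exists.
          open_pr="$(gh pr list --head "$BRANCH" --state open --json number --jq '.[].number')"
          if [ -z "$open_pr" ]; then
            gh pr create --base main --head "$BRANCH" \
              --title "chore: update generated report" \
              --body "Automated update. Requires the usual approving review."
          fi
```

For the default `GITHUB_TOKEN` to open the PR, the repository setting "Allow GitHub Actions to create and approve pull requests" must be enabled. The required approving review on main still applies to the resulting PR.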

UlisesGascon commented 1 year ago

I close the issues as the workflows are working fine now 🎉