Closed UlisesGascon closed 1 year ago
Sending a PR should be the best choice
Also the update core index.js is failing:
I assume the same will happen with Update Npm Index as it will require write permissions.
Maybe the best option for now is disable the protection to a level that the workflows can commit to main?
As agreed on last meeting, the approach will be to migrate the Github actions with writing permissions to send a Pr with the changes:
In the meantime I can keep my fork running the actions and I can PR the changes until we make the refactor as my fork does not includes the branch protections. This won't impact negatively in the scorecard as it is a Pr that we will review 😉
I close the issues as the workflows are working fine now 🎉
The OpenSSF Scoring workflow is failing has we had changed the rules in the repo to make
main
a protected branch:You can check the settings here. I believe that we might make it work by disable the
Do not allow bypassing the above settings
option. But this might impact the scorecard for nodejs/security-wg