Change how scorecard action is executed - Githubissues

openwall / john-packages

Community packages of John the Ripper, the auditing tool and advanced offline password cracker (Docker images, Windows PortableApp, Mac OS, Flatpak, and Ubuntu SNAP packages)

https://www.openwall.com/john/

GNU General Public License v2.0

104 stars 18 forks source link

Change how scorecard action is executed #643

Closed claudioandre-br closed 3 days ago

claudioandre-br commented 3 days ago

Describe your changes

Ensure the job is only run in the project's original repository.

Use a new approach to control and filter when the action is executed:

only in the original repository;
only targeting the main branch.

Plus:

or in a scheduled execution;
or in a push for main.

In fact, all actions will be changed if this works properly.

Checklist before requesting a review

[x] I checked that all workflows return a success.
[x] I have performed a self-review of my code.
[ ] I have added tests that prove my fix is effective or that my feature works.
[x] I followed the [Conventional Commit spec][commitMessage].

Maintainer tasks

[x] Label as either: bug, ci, docker, documentation, enhancement.
[x] Sign unsigned commits.

[commitMessage]: https://github.com/openwall/john-packages/blob/main/docs/commit-message.md#how-a-commit-message-should-be

claudioandre-br commented 3 days ago

bot: MERGE status

github-actions[bot] commented 3 days ago

🤖: status
- reviewDecision: APPROVED ✔
- mergeStateStatus: BLOCKED ❌

claudioandre-br commented 3 days ago

The bot itself can't change an action recipe. Tomorrow we'll see if it complains about workflow dependencies