Open muiriswoulfe opened 1 year ago
This issue is stale because it has been open for 60 days with no activity.
In the root folder, action.yml is used to specify the publish to the GitHub Marketplace.
I think this is slightly different, but a good point to bring up. We have the same problem with Go where repos are automatically packages without any publishing. #2493
Detecting use of the Visual Studio Marketplace is a bit more involved, but I have the following in our build pipeline
For any commonly used actions, adding support is relatively straightforward. https://github.com/ossf/scorecard/blob/5f171ba0beaa318562bbe7c060c739b481f17dde/checks/fileparser/github_workflow.go#L446 I would accept any PRs on this part of the request
This issue is stale because it has been open for 60 days with no activity.
Is your feature request related to a problem? Please describe.
Consider support GitHub Marketplace or Visual Studio Marketplace as packaging locations.
Describe the solution you'd like
I have an action that is published to both Marketplaces but fails the Packaging check in the scorecard. It would be great to get support for one or both Marketplaces as these essentially constitute locations to which a package is released.
In the root folder,
action.yml
is used to specify the publish to the GitHub Marketplace.Detecting use of the Visual Studio Marketplace is a bit more involved, but I have the following in our build pipeline:
Describe alternatives you've considered
The only real alternative is not to support this.
It would be possible to publish the package to npm just to meet the Packaging requirement, but it wouldn't be the correct thing to do as the package should not be consumed in that way.