BenjamenMeyer
commented
7 months ago @stephengtuggy which GH action is it?
Closed stephengtuggy closed 7 months ago
BenjamenMeyer
commented
7 months ago @stephengtuggy which GH action is it?
stephengtuggy
commented
7 months ago @stephengtuggy which GH action is it?
@BenjamenMeyer this one: https://github.com/vegastrike/Vega-Strike-Engine-Source/actions/workflows/scorecards-analysis.yml
I just disabled it manually, so the problem should be solved. At least for now.
BenjamenMeyer
commented
7 months ago @stephengtuggy yeah - we're significantly out of data, version 1.0.1 and they are up to v 2.3.1.
I think it's certainly a valuable resource for us so we should update and re-enable it.
https://github.com/marketplace/actions/ossf-scorecard-action
See https://github.com/vegastrike/Vega-Strike-Engine-Source/actions/runs/6975677063/job/18983122107 . The version of the
Scorecards supply-chain securityGitHub Action we are using is so old that it tries to use Debian stretch.apt-get updatefails, since Debian stretch updates are no longer available.We probably just need to disable this GitHub action on our repo. At least as a short-term fix.