authorDarius Jahandarie <djahandarie@gmail.com>2023-08-20 11:21:42 +0900
committerGitHub <noreply@github.com>2023-08-20 11:21:42 +0900
commitdea8898c9dbfefde038c1648580efd25f974126f (patch)
treeec87c13347f7d6a55add48d9e8520b80e2e3c9fe
parent51f0f0c4d1828a4cf715269feeae879fe610f204 (diff)
Use a fine-grained PAT in scorecard.yml
For additional checks in the scorecard, such as branch protection checks.
-rw-r--r--.github/workflows/scorecard.yml3
1 files changed, 2 insertions, 1 deletions
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 21927f18..cb9db177 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -16,6 +16,7 @@ permissions: read-all
jobs:
analysis:
name: Scorecard analysis
+ environment: scorecard
runs-on: ubuntu-latest
permissions:
# Needed to upload the results to code-scanning dashboard.
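Review bot: The added `environment: scorecard` line on the `analysis` job has no comment saying why it is there, so a later cleanup could drop it or move `SCORECARD_TOKEN` back to a repository-level secret without noticing the loss of isolation. I would put `# Environment that scopes SCORECARD_TOKEN; restrict its deployment branches to the default branch.` directly above it. Neither the environment's protection rules nor the workflow's `on:` triggers are visible in this diff, so it is worth confirming that only default-branch runs can reach the secret. The job definition continues past the end of the hunk.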
@@ -41,7 +42,7 @@ jobs:
# - you want to enable the Branch-Protection check on a *public* repository, or
# - you are installing Scorecard on a *private* repository
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
- # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+ repo_token: ${{ secrets.SCORECARD_TOKEN }}
# Public repositories:
# - Publish results to OpenSSF REST API for easy access by consumers
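Review bot: The comment lines above the now-active `repo_token: ${{ secrets.SCORECARD_TOKEN }}` still read as a checklist for deciding whether to enable a PAT, and nothing records what kind of token this repository actually uses. A short line such as `# Fine-grained PAT, read-only, limited to this repository; stored in the 'scorecard' environment.` would let the next maintainer audit or rotate it without guessing. The token's granted permissions and expiry are not visible here; they should match the minimum read-only set in the linked scorecard-action authentication guide, since this job would expose whatever extra access the token carries. The step's `with:` block starts and ends outside the hunk.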