Bad credentials using ossf/scorecard-action@3e15ea8318eee9b333819ec77a36aca8d39df13e #329
Assignees
Comments
|
Other repos are hitting this same issue: |
|
One common thing I see among the failed runs is that they seemed to be triggered on @dthaler note that support for |
|
thanks for the report @dthaler. PRs are not officially supported, but I've sent this #335 which I think should fix the issue. I have managed to reproduce the problem. The token is available in PRs which use a local branch (dependabot PRs use local branches), but is not available for PRs fr remote repo/branches: these PRs are the one that should fail. |
|
re-opening temporarily. @dthaler do you want to test at the current commit |
|
Manually tweaked the microsoft/ebpf-for-windows#1207 PR and the tests passed. Not sure that's a guarantee but it is a positive sign. Thanks. |
|
Let's cut a release and see then. Thanks! |
bors bot
added a commit
to OpenPoolProject/stratum
that referenced
this issue
Nov 6, 2022
273: chore(deps): update ossf/scorecard-action action to v2 r=renovate[bot] a=renovate[bot] [](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | major | `v1.1.1` -> `v2.0.6` | --- ### Release Notes <details> <summary>ossf/scorecard-action</summary> ### [`v2.0.6`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.6) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.5...v2.0.6) #### What's Changed - Fix - Broken dockerfile by [`@​naveensrinivasan](https://togithub.com/naveensrinivasan)` in [ossf/scorecard-action#979 **Full Changelog**: ossf/scorecard-action@v2.0.5...v2.0.6 ### [`v2.0.5`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.5) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.4...v2.0.5) #### What's Changed - Remove trailing space from example by [`@​jamacku](https://togithub.com/jamacku)` in [ossf/scorecard-action#955 - 🌱 Bump actions/cache from 3.0.8 to 3.0.10 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#956 - 🌱 Bump github/codeql-action from 2.1.25 to 2.1.26 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#957 - 🌱 Bump step-security/harden-runner from 1.4.5 to 1.5.0 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#958 - 🌱 Bump debian from `5cf1d98` to `b46fc4e` by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#959 - 🌱 Bump github.com/sigstore/cosign from 1.12.1 to 1.13.0 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#962 - 🌱 Upgrade to go 1.19 by [`@​naveensrinivasan](https://togithub.com/naveensrinivasan)` in [ossf/scorecard-action#961 - 🌱 Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#967 - 🌱 Bump golang from `c2a98a5` to `b850621` by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#966 - 🌱 Bump golang from `b850621` to `25de7b6` by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#968 - New release for Scorecard v4.8.0 by [`@​naveensrinivasan](https://togithub.com/naveensrinivasan)` in [ossf/scorecard-action#969 #### New Contributors - [`@​jamacku](https://togithub.com/jamacku)` made their first contribution in [ossf/scorecard-action#955 **Full Changelog**: ossf/scorecard-action@v2.0.4...v2.0.5 ### [`v2.0.4`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.4) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.3...v2.0.4) Fixes [#​856](https://togithub.com/ossf/scorecard-action/issues/856) #### What's Changed - 🌱 Bump github.com/caarlos0/env/v6 from 6.10.0 to 6.10.1 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#934 - feat: do not run signing on pull requests by [`@​laurentsimon](https://togithub.com/laurentsimon)` in [ossf/scorecard-action#935 - 🌱 Bump debian from 11.4-slim to 11.5-slim by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#936 - 🌱 Bump github.com/sigstore/cosign from 1.11.1 to 1.12.0 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#938 - 🌱 Bump github/codeql-action from 2.1.22 to 2.1.24 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#941 - 🐛 Restore behavior of ignoring scorecard runtime errors by [`@​spencerschrock](https://togithub.com/spencerschrock)` in [ossf/scorecard-action#948 - 🌱 Bump actions/dependency-review-action from 2.1.0 to 2.4.0 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#950 - 🌱 Bump github.com/sigstore/cosign from 1.12.0 to 1.12.1 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#947 - 🌱 Bump github/codeql-action from 2.1.24 to 2.1.25 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#949 - 🌱 Bump codecov/codecov-action from 3.1.0 to 3.1.1 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#942 - Create v2.0.4 patch by [`@​spencerschrock](https://togithub.com/spencerschrock)` in [ossf/scorecard-action#952 #### New Contributors - [`@​spencerschrock](https://togithub.com/spencerschrock)` made their first contribution in [ossf/scorecard-action#948 **Full Changelog**: ossf/scorecard-action@v2.0.3...v2.0.4 ### [`v2.0.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.2...v2.0.3) Patch for fix in [#​898](https://togithub.com/ossf/scorecard-action/issues/898) ### [`v2.0.2`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.1...v2.0.2) Fixes [ossf/scorecard-action#895 ### [`v2.0.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.0...v2.0.1) Fix for [#​856](https://togithub.com/ossf/scorecard-action/issues/856) ### [`v2.0.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v1.1.2...v2.0.0) #### What's Changed - 🌱 Prepare for a pre-release of the Golang action by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [ossf/scorecard-action#750 - 🌱 Bump github/codeql-action from 2.1.12 to 2.1.16 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#751 - 🌱 Bump debian from 11.3-slim to 11.4-slim by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#749 - 🌱 Bump step-security/harden-runner from 1.4.3 to 1.4.4 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#646 - 🌱 Bump actions/setup-go from 3.2.0 to 3.2.1 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#748 - 🐛 Fix dependency conflicts in go.mod by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [ossf/scorecard-action#771 - 🌱 Prepare for v2 beta1 release by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [ossf/scorecard-action#766 - multi-repo-action: Note that tool is a work-in-progress by [`@​naveensrinivasan](https://togithub.com/naveensrinivasan)` in [ossf/scorecard-action#776 - 🐛 Fix intermittent failures in CI-Tests by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [ossf/scorecard-action#778 - 🌱 Bump sigs.k8s.io/release-utils from 0.7.2 to 0.7.3 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#775 - 🌱 Bump actions/cache from 3.0.4 to 3.0.5 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#769 - 📖 Update README about the restrictions for scorecard-action:v2 by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [ossf/scorecard-action#779 - 🌱 Bump github/codeql-action from 2.1.16 to 2.1.17 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#783 - 📖 Update instructions for Scorecard badge to README by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [ossf/scorecard-action#785 - 🌱 Bump debian from `f576b80` to `a811e62` by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#787 - 🌱 Bump github.com/ossf/scorecard/v4 from 4.4.0 to 4.5.0 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#786 - 🌱 Bump github/codeql-action from 2.1.17 to 2.1.18 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#788 - 🌱 Bump actions/cache from 3.0.5 to 3.0.6 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#789 - 🐛 Add request application/json request header by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [ossf/scorecard-action#791 - Create a new release v2.0.0-alpha.1 by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [ossf/scorecard-action#803 - 🌱 Bump actions/cache from 3.0.6 to 3.0.7 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#807 - Olivekl patch 1 by [`@​olivekl](https://togithub.com/olivekl)` in [ossf/scorecard-action#809 - 🌱 Fix cosign vulnerability by [`@​naveensrinivasan](https://togithub.com/naveensrinivasan)` in [ossf/scorecard-action#812 - 🌱 Allow for publish URL override by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [ossf/scorecard-action#811 - 🌱 Bump github.com/ossf/scorecard/v4 from 4.5.0 to 4.6.0 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#820 - 🌱 Bump step-security/harden-runner from 1.4.4 to 1.4.5 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#808 - cmd/installer: Cleanups (2/n) by [`@​justaugustus](https://togithub.com/justaugustus)` in [ossf/scorecard-action#833 - Update comments to allow for renovatebot updates by [`@​laurentsimon](https://togithub.com/laurentsimon)` in [ossf/scorecard-action#834 - 🌱 Bump github.com/caarlos0/env/v6 from 6.9.3 to 6.10.0 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#839 - 🌱 Update actions/checkout requirement to [`2541b12`](https://togithub.com/ossf/scorecard-action/commit/2541b1294d2704b0964813337f33b291d3f8596b) by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#835 - 🌱 Bump github.com/sigstore/cosign from 1.11.0 to 1.11.1 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#842 - 🌱 Bump github/codeql-action from 2.1.18 to 2.1.21 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#844 - 🌱 Bump actions/setup-go from 3.2.1 to 3.3.0 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#843 - 🌱 Bump debian from `a811e62` to `68c1f6b` by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#840 - Fix workflow path in automatic creation of PR by [`@​RadoslavGatev](https://togithub.com/RadoslavGatev)` in [ossf/scorecard-action#845 - 🌱 Bump actions/dependency-review-action from [`310e0dd`](https://togithub.com/ossf/scorecard-action/commit/310e0dd64f63b1d00101ecd3225d605a74261fb7) to 2.1.0 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#838 - 🌱 Bump actions/cache from 3.0.7 to 3.0.8 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#836 - 📖 Add docs for API by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [ossf/scorecard-action#849 - 🌱 Bump github/codeql-action from 2.1.21 to 2.1.22 by [`@​dependabot](https://togithub.com/dependabot)` in [ossf/scorecard-action#853 - 🌱 Included License by [`@​naveensrinivasan](https://togithub.com/naveensrinivasan)` in [ossf/scorecard-action#852 - 🌱 Release v2.0.0 by [`@​naveensrinivasan](https://togithub.com/naveensrinivasan)` in [ossf/scorecard-action#854 #### New Contributors - [`@​RadoslavGatev](https://togithub.com/RadoslavGatev)` made their first contribution in [ossf/scorecard-action#845 **Full Changelog**: ossf/scorecard-action@v1.1.2...v2.0.0 ### [`v1.1.2`](https://togithub.com/ossf/scorecard-action/releases/tag/v1.1.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v1.1.1...v1.1.2) #### What's Changed - Fix for [ossf/scorecard-action#329 **Full Changelog**: ossf/scorecard-action@v1.1.1...v1.1.2 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/OpenPoolProject/stratum). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xOS4wIiwidXBkYXRlZEluVmVyIjoiMzQuMTkuMCJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Most of our runs complete successfully but we see sporadic failures with:
If our repo were misconfigured, I would expect it to fail all the time, but failures only started showing up sporadically after upgrading to the latest scorecard action.
Example failures:
https://github.com/microsoft/ebpf-for-windows/runs/6716403783?check_suite_focus=true
https://github.com/microsoft/ebpf-for-windows/runs/6716319349?check_suite_focus=true
https://github.com/microsoft/ebpf-for-windows/runs/6701969344?check_suite_focus=true
Interspersed with successes:
https://github.com/microsoft/ebpf-for-windows/runs/6716299801?check_suite_focus=true
https://github.com/microsoft/ebpf-for-windows/runs/6715903529?check_suite_focus=true
https://github.com/microsoft/ebpf-for-windows/runs/6714825453?check_suite_focus=true
The text was updated successfully, but these errors were encountered: