Create a new release v2.0.0-alpha.1 #803

Merged
merged 1 commit into from Aug 15, 2022
4 changes: 1 addition & 3 deletions action.yaml
Expand Up @@ -48,6 +48,4 @@ branding:

runs:
using: "docker"
image: "docker://gcr.io/openssf/scorecard-action:v2.0.0-beta.1"


image: "docker://gcr.io/openssf/scorecard-action:v2.0.0-alpha.1"
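
Review bot: the new `image:` line references the container by the mutable tag `v2.0.0-alpha.1` rather than by digest, so consumers of this action run whatever the registry serves under that tag at pull time. Consider pinning it as `docker://gcr.io/openssf/scorecard-action@sha256:<digest>`, with the tag kept in a comment for readability. Separately, the tag moves from `v2.0.0-beta.1` to `v2.0.0-alpha.1`, which sorts lower in semver pre-release ordering; if that is intended, it is worth saying so in the PR description.
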
8 changes: 7 additions & 1 deletion signing/signing.go
Expand Up @@ -33,6 +33,8 @@ import (
"github.com/sigstore/cosign/cmd/cosign/cli/sign"
)

const scorecardAPI = "https://api.securityscorecards.dev"

// SignScorecardResult signs the results file and uploads the attestation to the Rekor transparency log.
func SignScorecardResult(scorecardResultsFile string) error {
if err := os.Setenv("COSIGN_EXPERIMENTAL", "true"); err != nil {
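
Review bot: the new `scorecardAPI` constant has no doc comment, and its name does not say that it is only the default endpoint now that `ProcessSignature` lets `SCORECARD_API_URL` replace it. Suggest naming it `defaultScorecardAPI` and adding a one-line comment that mentions the environment variable, so the override is discoverable from the declaration.
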
Expand Down Expand Up @@ -106,7 +108,11 @@ func ProcessSignature(jsonPayload []byte, repoName, repoRef, accessToken string)

// Call scorecard-webapp-api to process and upload signature.
// Setup HTTP request and context.
rawURL := fmt.Sprintf("https://api.securityscorecards.dev/projects/github.com/%s", repoName)
apiURL := scorecardAPI
if scorecardURL, exists := os.LookupEnv("SCORECARD_API_URL"); exists {
apiURL = scorecardURL
}
rawURL := fmt.Sprintf("%s/projects/github.com/%s", apiURL, repoName)
parsedURL, err := url.Parse(rawURL)
if err != nil {
return fmt.Errorf("parsing Scorecard API endpoint: %w", err)
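
Review bot: the value of `SCORECARD_API_URL` is used as the request base without any validation in the `os.LookupEnv` block. `ProcessSignature` receives `jsonPayload` and `accessToken`, so whatever this request carries goes to any host the environment names, including a plain `http://` one. After `url.Parse`, check that `parsedURL.Scheme` is `https` and `parsedURL.Host` is non-empty, and return an error otherwise. Two edge cases also need handling: `LookupEnv` reports `exists` for a variable set to the empty string, which yields the relative URL `/projects/github.com/<repo>`, and a value with a trailing slash produces `//projects/...`; trimming the slash and treating an empty value as unset covers both. The override should also be documented alongside the action's other inputs.
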