mirror of
https://github.com/ossf/scorecard.git
synced 2024-08-15 19:30:40 +03:00
* wip Signed-off-by: Spencer Schrock <sschrock@google.com> * try to use jq without quotes Signed-off-by: Spencer Schrock <sschrock@google.com> * try to make file another way. Signed-off-by: Spencer Schrock <sschrock@google.com> * try using homedir Signed-off-by: Spencer Schrock <sschrock@google.com> * add github token to env Signed-off-by: Spencer Schrock <sschrock@google.com> * add link to workflow run Signed-off-by: Spencer Schrock <sschrock@google.com> * make comment its own job Signed-off-by: Spencer Schrock <sschrock@google.com> * fix typo in job context Signed-off-by: Spencer Schrock <sschrock@google.com> * typo part 2 Signed-off-by: Spencer Schrock <sschrock@google.com> * use github-script to get PR SHAs. Signed-off-by: Spencer Schrock <sschrock@google.com> * need to go through one more type to get to API response. Signed-off-by: Spencer Schrock <sschrock@google.com> * temporarily use monitor action to see the required permissions Signed-off-by: Spencer Schrock <sschrock@google.com> * spacing is hard Signed-off-by: Spencer Schrock <sschrock@google.com> * remove monitor and apply minimal permissions the read-all at the top might be too broad, but the monitor doesnt support graphql so best we can do for now. Signed-off-by: Spencer Schrock <sschrock@google.com> * try to set the checks Signed-off-by: Spencer Schrock <sschrock@google.com> * read the comment body Signed-off-by: Spencer Schrock <sschrock@google.com> * try to get around regex syntax error? Signed-off-by: Spencer Schrock <sschrock@google.com> * quote comment body Signed-off-by: Spencer Schrock <sschrock@google.com> * we want to pass an empty string to the args Signed-off-by: Spencer Schrock <sschrock@google.com> * fix the regex string Signed-off-by: Spencer Schrock <sschrock@google.com> * rest of repo has upgraded Signed-off-by: Spencer Schrock <sschrock@google.com> * seed 15 repos to analyze to start with Signed-off-by: Spencer Schrock <sschrock@google.com> * support gitlab repos in scdiff Signed-off-by: Spencer Schrock <sschrock@google.com> * rename pr step to config we also need the checks to run, so update the name to reflect that Signed-off-by: Spencer Schrock <sschrock@google.com> * switch from default token to a PAT By default, the GitHub Action token gets 1000 req/hour. If running all checks, the before/after each take about 1100 of core quota A PAT grants 5000/hr so the 2200 required should be fine if used infrequently. Ideally, the caller will always pass the check they care about into the command Signed-off-by: Spencer Schrock <sschrock@google.com> * escape comment body with bash Signed-off-by: Spencer Schrock <sschrock@google.com> * setup go manually Signed-off-by: Spencer Schrock <sschrock@google.com> * don't need to run on comment delete Signed-off-by: Spencer Schrock <sschrock@google.com> * limit scdiff to individuals with repo access Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com> |
||
---|---|---|
.. | ||
ISSUE_TEMPLATE | ||
workflows | ||
CODEOWNERS | ||
dependabot.yml | ||
PULL_REQUEST_TEMPLATE.md |