Failed to run automated scorecard-action@main test-organization-ls/scorecard-action-private-repo-tests #201
Comments
|
I think this is what's causing this, #200, and #199 to fail. I'm not sure which permission is missing though--but adding read-all fixes it. Is there a certain permission necessary for workflows to make API requests? @azeemshaikh38 |
|
no permission means all permissions default to |
|
This is a great finding @rohankh532 @laurentsimon. We need to update our GitHub partnered workflow to include these changes before rolling out Golang:
|
already the case.
correct.
this is in the TODO list once we've verified that everything else works. #203 is waiting for approval to merge this change in our README before making the change to starter workflow. |
|
I have an idea what's going on. The repo is private: we should not send the data to our backend in this case, but we seem to be doing that. During verification the backend tries to verify the workflow to validate it.. but the repo is private so it's not reachable.. and it fails. The solution is to not send the data for private repo... we should not do that anyway... it's great that the verification does not work.. nice fallback in case we make a mistake on the client code. |
|
@laurentsimon isn't the repo this is being run on public? https://github.com/test-organization-ls/scorecard-action-private-repo-tests |
|
Here's what's happening on the server end. PR ossf/scorecard-webapp#85 should fix this |
|
It is a private repo. Can you confirm that you cannot visit the repo? Ouch, another nil pointer: did we push the code change to k8 cluster ( |
|
got it, so have not merged it yet. |
https://github.com/test-organization-ls/scorecard-action-private-repo-tests/actions/runs/2217769550
The text was updated successfully, but these errors were encountered: