Feature: Support semantic-release for packaging #2929

Closed
travi opened this issue Apr 29, 2023 · 0 comments · Fixed by #2964
Labels
kind/enhancement New feature or request

Contributor

travi commented Apr 29, 2023

Is your feature request related to a problem? Please describe.
As a maintainer of semantic-release, I am also a heavy user. Since semantic-release is not detected as a packaging tool, both "Packaging" and "Token-Permissions" checks are impacted negatively, even though fully automated publishing workflows are implemented.

Describe the solution you'd like
It would be great if semantic-release could be detected as a packaging tool and result in improved scores for the related checks.

Describe alternatives you've considered
https://github.com/ossf/scorecard/blob/27cfe92ed356fdb5a398c919ad480817ea907808/docs/checks.md#packaging mentions future improved querying of the npm registry, so waiting for that could cover a large amount of semantic-release usage. However, semantic-release is used for package ecosystems other than npm, so this could involve waiting for each ecosystem registry to be supported. In addition, I imagine this would not account for "Token-Permissions".

Additional context

I am not a Go developer, so I would need guidance in order to contribute the change myself. At minimum, I am interested in coordinating with members of our community to get this implemented or at least help clarify usage details around semantic-release.
