From d0bf425f1b100df13a1223262fe7faf7b7290eec Mon Sep 17 00:00:00 2001
From: Peter Schutt <peter.github@proton.me>
Date: Sun, 30 Oct 2022 19:11:02 +1000
Subject: [PATCH] ci: remove scorecards.yml (#37)

* ci: remove scorecards.yml

2022/10/30 07:50:57 error signing scorecard json results: error signing payload: getting key from Fulcio: verifying SCT: updating local metadata and targets: error updating to TUF remote mirror: tuf: invalid key

* docs(readme): removes scorecard badge
---
 .github/workflows/scorecards.yml | 62 --------------------------------
 README.md                        |  3 --
 2 files changed, 65 deletions(-)
 delete mode 100644 .github/workflows/scorecards.yml

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
deleted file mode 100644
index 44ed0cd4..00000000
--- a/.github/workflows/scorecards.yml
+++ /dev/null
@@ -1,62 +0,0 @@
-name: Scorecards supply-chain security
-on:
-  # Only the default branch is supported.
-  branch_protection_rule:
-  schedule:
-    - cron: "33 22 * * 2"
-  push:
-    branches: ["main"]
-
-# Declare default permissions as read only.
-permissions: read-all
-
-jobs:
-  analysis:
-    name: Scorecards analysis
-    runs-on: ubuntu-latest
-    permissions:
-      # Needed to upload the results to code-scanning dashboard.
-      security-events: write
-      # Used to receive a badge.
-      id-token: write
-      # Needs for private repositories.
-      contents: read
-      actions: read
-
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0
-        with:
-          persist-credentials: false
-
-      - name: "Run analysis"
-        uses: ossf/scorecard-action@865b4092859256271290c77adbd10a43f4779972 # tag=v2.0.3
-        with:
-          results_file: results.sarif
-          results_format: sarif
-          # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
-          # - you want to enable the Branch-Protection check on a *public* repository, or
-          # - you are installing Scorecards on a *private* repository
-          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
-          # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
-
-          # Publish the results for public repositories to enable scorecard badges. For more details, see
-          # https://github.com/ossf/scorecard-action#publishing-results.
-          # For private repositories, `publish_results` will automatically be set to `false`, regardless
-          # of the value entered here.
-          publish_results: true
-
-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0
-        with:
-          name: SARIF file
-          path: results.sarif
-          retention-days: 5
-
-      # Upload the results to GitHub's code scanning dashboard.
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26
-        with:
-          sarif_file: results.sarif
diff --git a/README.md b/README.md
index d48f4cf5..9c4c8559 100644
--- a/README.md
+++ b/README.md
@@ -16,9 +16,6 @@
   <a href="https://results.pre-commit.ci/latest/github/topsport-com-au/starlite-saqlalchemy/main">
     <img alt="pre-commit.ci status" src="https://results.pre-commit.ci/badge/github/topsport-com-au/starlite-saqlalchemy/main.svg"/>
   </a>
-  <a href="https://api.securityscorecards.dev/projects/github.com/topsport-com-au/starlite-saqlalchemy">
-    <img alt="OpenSSF Scorecard" src="https://api.securityscorecards.dev/projects/github.com/topsport-com-au/starlite-saqlalchemy/badge"/>
-  </a>
 </p>
 
 Configuration for a [Starlite](https://github.com/starlite-api/starlite) application that features: