Elgato_dark/python-tuf
1
0
Fork 0
mirror of https://github.com/theupdateframework/python-tuf synced 2026-05-24 10:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

workflows: Partially revert action versions

Browse source 
Commit f0058259 started not pinning hashes for actions that are used in
workflows that have no runtime or build security impact.

The change does not work for scorecard as scorecard does not tag "v2":
so we have to pin it. Luckily scorecard does not do that many releases.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This commit is contained in:
Jussi Kukkonen 2023-10-09 18:40:07 +03:00
parent 00b67c0a67
commit d5c953d575
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/scorecards.yml vendored
View file

@ -25,7 +25,7 @@ jobs:
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: "Run analysis"
uses: ossf/scorecard-action@v2 # unpinned since this is not security critical
uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0
with:
results_file: results.sarif
# sarif format required by upload-sarif action