-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix release workflow to run on a manual trigger #15
Comments
this is done now. Closing |
@naveensrinivasan I now remember why this needs some update. We need to generate the action container image based on a manual GitHub trigger. It does not work on a push trigger. Currently we generate the image at release time. However, we need the image hash to edit https://github.com/ossf/scorecard-action/blob/main/action.yaml#L45 prior to releasing. I've listed the steps necessary to release the action in #33 Does this make sense? |
Fixed by #38 |
https://github.com/ossf/scorecard-action/blob/main/action.yaml#L48 we need to pin our docker.
However, there's a problem because we currently generate the docker file upon new release generation thru this workflow https://github.com/ossf/scorecard-action/blob/main/.github/workflows/docker-sign.yml
This is a chicken-and-egg problem: in order to generate the release, we need the right hash to pin the action's docker image. But to generate it, we need a release. We may need to split the problem into 2 stages:
@naveensrinivasan @azeemshaikh38 other ideas?
The text was updated successfully, but these errors were encountered: