Update github actions version comments #747

Closed
JeyJeyGao opened this issue Jul 21, 2023 · 1 comment
Comments

@JeyJeyGao

What is not working as expected?

The version comment styles are not consistent.

```yaml
- name: "Checkout code"
  uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # tag=3.5.3
  with:
    persist-credentials: false
- name: "Run analysis"
  uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # tag=v2.2.0
  with:
    results_file: results.sarif
    results_format: sarif
    repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
    publish_results: true
- name: "Upload artifact"
  uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # tag=v3.1.2
  with:
    name: SARIF file
    path: results.sarif
    retention-days: 5
- name: "Upload to code-scanning"
  uses: github/codeql-action/upload-sarif@489225d82a57396c6f426a40e66d461b16b3461d # v2.20.4
  with:
    sarif_file: results.sarif
```

Also, the license checker is not pinned to a commit.
https://github.com/notaryproject/notation/blob/0cc39b31b92b86150590b208a3caafbf1e09ac09/.github/workflows/license-checker.yml#L26C1-L28C38

What did you expect to happen?

We should update the version comments to use the same style, like v.*
Also update license-checker.yml to use a pinned commit version comment after notation-core-go releases a new version.

How can we reproduce it?

See the file in the repo.

Describe your environment

GitHub repo.

What is the version of your Notation CLI or Notation Library?

Notation v1.0.0-rc.7

@JeyJeyGao JeyJeyGao added the cli Issue or PR released to Notation CLI label Jul 21, 2023
@JeyJeyGao JeyJeyGao self-assigned this Jul 21, 2023
@yizha1

yizha1 commented Aug 22, 2023

Closed as completed by #742

@yizha1 yizha1 closed this as completed Aug 22, 2023
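
A small checker for the two conditions this issue asks for (every `uses:` reference pinned to a full commit SHA, and a version comment in one style), added here as an example and not part of the notation repository. The `# vX.Y.Z` pattern is an assumed reading of the `v.*` style proposed in the issue, and the last sample step is constructed.

```python
import re

# A step's `uses:` line: action path, optional @ref, optional trailing comment.
USES_RE = re.compile(
    r"^\s*(?:-\s+)?uses:\s*(?P<action>[^@\s#]+)(?:@(?P<ref>[^\s#]+))?"
    r"\s*(?:#\s*(?P<comment>.*?))?\s*$"
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")          # full commit SHA, not a tag or branch
COMMENT_RE = re.compile(r"^v\d+(\.\d+){0,2}$")  # assumed house style: "# v2.20.4"

def audit_workflow(text):
    """Return (line_no, action, problem) for each `uses:` line that is not
    pinned to a commit SHA or whose version comment is missing or off-style."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref, comment = m["action"], m["ref"], m["comment"]
        if action.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope here
        if ref is None or not SHA_RE.match(ref):
            findings.append((no, action, "unpinned"))
        elif not comment:
            findings.append((no, action, "no-comment"))
        elif not COMMENT_RE.match(comment):
            findings.append((no, action, "comment-style"))
    return findings

# First four `uses:` lines are the ones quoted in the issue; the last is constructed.
SAMPLE = """\
steps:
  - name: "Checkout code"
    uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # tag=3.5.3
  - name: "Run analysis"
    uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # tag=v2.2.0
  - name: "Upload artifact"
    uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # tag=v3.1.2
  - name: "Upload to code-scanning"
    uses: github/codeql-action/upload-sarif@489225d82a57396c6f426a40e66d461b16b3461d # v2.20.4
  - name: "Constructed unpinned step"
    uses: example-org/example-action@main
"""

if __name__ == "__main__":
    for no, action, problem in audit_workflow(SAMPLE):
        print(f"line {no}: {action}: {problem}")
```

Run against every file under `.github/workflows/`, a non-empty result can fail a CI job so that new unpinned or inconsistently commented references are caught at review time.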