Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: scorecard-action is failing consistently starting with 2.0.0 #900

Closed
godofredoc opened this issue Sep 10, 2022 · 2 comments · Fixed by flutter/packages#2595
Closed

Bug: scorecard-action is failing consistently starting with 2.0.0 #900

godofredoc opened this issue Sep 10, 2022 · 2 comments · Fixed by flutter/packages#2595
Assignees
@azeemshaikh38

Comments

@godofredoc
Copy link

Updating to 2.0.2 didn't fix the issue.

Generating ephemeral keys...
Retrieving signed certificate...

    Note that there may be personally identifiable information associated with this signed artifact.
    This may include the email address associated with the account with which you authenticate.
    This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later.

Non-interactive mode detected, using device flow.
Enter the verification code CFFR-RKTZ in your browser at: https://oauth2.sigstore.dev/auth/device?user_code=CFFR-RKTZ
Code will be valid for 300 seconds
2022/09/09 15:45:40 error signing scorecard json results: error signing payload: getting key from Fulcio: retrieving cert: error obtaining token: expired_token
This was referenced Sep 12, 2022
Merged
Merged
This was referenced Sep 12, 2022
Merged
Closed
@azeemshaikh38
Copy link
Contributor

Looking into it. v2.0.3 fixed it for other repos which were noticing similar errors, trying to debug why this did not fix it for Flutter

@azeemshaikh38 azeemshaikh38 self-assigned this Sep 12, 2022
@azeemshaikh38 azeemshaikh38 mentioned this issue Sep 12, 2022
Merged
11 tasks
@godofredoc
Copy link
Author

Thank you @azeemshaikh38 for the fix.

For context if anybody is hitting this issue you may be missing the id-token permission as in here: https://github.com/flutter/flutter/blob/master/.github/workflows/scorecards-analysis.yml#L22

OrKoN added a commit to puppeteer/replay that referenced this issue Sep 16, 2022
@OrKoN
chore: id-token permissions
1e451f9 
See ossf/scorecard-action#900
@OrKoN OrKoN mentioned this issue Sep 16, 2022
Merged
OrKoN added a commit to puppeteer/puppeteer that referenced this issue Sep 16, 2022
@OrKoN
chore: add id-token permissions to scorecard-action
eb85122 
See ossf/scorecard-action#900

Example failure with scorecard-action@2 https://github.com/puppeteer/puppeteer/actions/runs/3066712334/jobs/4952194627
@OrKoN OrKoN mentioned this issue Sep 16, 2022
Merged
OrKoN added a commit to puppeteer/puppeteer that referenced this issue Sep 16, 2022
@OrKoN
chore: add id-token permissions to scorecard-action
30ff76c 
See ossf/scorecard-action#900

Example failure with scorecard-action@2 https://github.com/puppeteer/puppeteer/actions/runs/3066712334/jobs/4952194627
jrandolf pushed a commit to puppeteer/replay that referenced this issue Sep 16, 2022
@OrKoN @jrandolf
chore: id-token permissions
1922d51 
See ossf/scorecard-action#900
OrKoN added a commit to puppeteer/replay that referenced this issue Sep 16, 2022
@OrKoN
chore: add id-token permissions to scorecard-action (#295)
2fa9c94 
See ossf/scorecard-action#900

Example failure with scorecard-action@2 https://github.com/puppeteer/replay/actions/runs/3060651741/jobs/4939423471
OrKoN added a commit to puppeteer/puppeteer that referenced this issue Sep 19, 2022
@OrKoN
chore: add id-token permissions to scorecard-action (#8971)
6f37eed 
See ossf/scorecard-action#900

Example failure with scorecard-action@2 https://github.com/puppeteer/puppeteer/actions/runs/3066712334/jobs/4952194627
@nahteb nahteb mentioned this issue Sep 30, 2022
Merged
@spencerschrock spencerschrock mentioned this issue Oct 28, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@azeemshaikh38 azeemshaikh38

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix bug in scorecard-action workflow azeemshaikh38/packages
2 participants
@azeemshaikh38 @godofredoc