Update release.yml (#344)

* Update release.yml hot fix for SBOM generation Signed-off-by: Sam Yuan <yy19902439@126.com> * fix up scorecard Signed-off-by: Sam Yuan <yy19902439@126.com> * add OpenSSF Scorecard badge Signed-off-by: Sam Yuan <yy19902439@126.com> --------- Signed-off-by: Sam Yuan <yy19902439@126.com>
Hyperledger-TWGC · Dec 27, 2023 · feb47c1 · feb47c1
1 parent f8e847b
commit feb47c1
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 7 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -73,7 +73,7 @@ jobs:
       - name: Generate SBOM
         uses: anchore/sbom-action@v0.15.1
         with:
-          image: ghcr.io/hyperledger-twgc/tape:${{ steps.meta.outputs.labels }}
+          path: ./
           artifact-name: tape-${{ steps.meta.outputs.labels }}.json
           output-file: ./tape-${{ steps.meta.outputs.labels }}.spdx.json
       - name: Attach SBOM to release

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -3,13 +3,15 @@
 # policy, and support documentation.
 
 name: Scorecard supply-chain security
+
 on:
-  push:
-    branches: # pushing tags is also considered as a push. Exclude this here.
-      - "*" 
+  # Only the default branch is supported.
+  branch_protection_rule:
   schedule:
-    - cron: "0 7 * * *" # https://crontab.guru/#0_0_*_*_0
-
+    # Weekly on Saturdays.
+    - cron: '30 1 * * 6'
+  push:
+    branches: [ main, master ]
 
 # Declare default permissions as read only.
 permissions: read-all

diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@
 </div>
 
 [![Go doc](https://img.shields.io/badge/go.dev-reference-brightgreen?logo=go&logoColor=white&style=flat)](https://pkg.go.dev/github.com/hyperledger-twgc/tape)
-[![Github workflow test](https://github.com/Hyperledger-TWGC/tape/actions/workflows/test.yml/badge.svg)](https://github.com/Hyperledger-TWGC/tape/actions/workflows/test.yml)[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/7388/badge)](https://bestpractices.coreinfrastructure.org/projects/7388)
+[![Github workflow test](https://github.com/Hyperledger-TWGC/tape/actions/workflows/test.yml/badge.svg)](https://github.com/Hyperledger-TWGC/tape/actions/workflows/test.yml)[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/7388/badge)](https://bestpractices.coreinfrastructure.org/projects/7388)[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/Hyperledger-TWGC/tape/badge)](https://securityscorecards.dev/viewer/?uri=github.com/Hyperledger-TWGC/tape)
 
 A light-weight tool to test performance of Hyperledger Fabric