taiars/nora
1
0
Fork 0
mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 10:20:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: revert codeql-action to tag in scorecard.yml (#105)

Browse Source 
Scorecard webapp verifies upload-sarif action by tag, not SHA.
Pinning to SHA causes imposter commit error on webapp submission.
This commit is contained in:
DevITWay | Pavel Volkov
2026-04-06 02:38:06 +03:00
committed by GitHub
parent 69b7f1fb4e
commit 0c95fa9786
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/scorecard.yml vendored
View File

@@ -32,7 +32,7 @@ jobs:
repo_token: ${{ secrets.SCORECARD_TOKEN || secrets.GITHUB_TOKEN }}
- name: Upload Scorecard results to GitHub Security tab
uses: github/codeql-action/upload-sarif@a60c4df7a135c7317c1e9ddf9b5a9b07a910dda9 # v4
uses: github/codeql-action/upload-sarif@v4 # tag required by scorecard webapp verification
with:
sarif_file: results.sarif
category: scorecard