From 37e56fbe0b4543cea6c3e177d2ab7878c7983cfe Mon Sep 17 00:00:00 2001
From: martincostello
Date: Tue, 24 Oct 2023 10:39:28 +0100
Subject: [PATCH] Use GitHub app for scorecard

Use a GitHub app to get a token so that we can run a more detailed scan with the scorecard tool.
---
 .github/workflows/scorecard.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index fe439e9d..766d46d7 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -1,6 +1,7 @@
 name: ossf-scorecard
 on:
+ branch_protection_rule:
 push:
 branches: [ main ]
 schedule:
@@ -25,10 +26,19 @@ jobs:
 with:
 persist-credentials: false
 
+ - name: Get application token
+ id: get-application-token
+ uses: peter-murray/workflow-application-token-action@8e1ba3bf1619726336414f1014e37f17fbadf1db # v2.1.0
+ with:
+ application_id: ${{ vars.JET_GITHUB_APPLICATION_ID }}
+ application_private_key: ${{ secrets.JET_GITHUB_SECRET_KEY }}
+ organization: ${{ github.repository_owner }}
+
 - name: Run analysis
 uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
 with:
 publish_results: true
+ repo_token: ${{ steps.get-application-token.outputs.token }}
 results_file: results.sarif
 results_format: sarif
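Review bot: The token minted in the `Get application token` step is a full installation token, carrying every permission the app has been granted for the organization, and the `repo_token` added to the `Run analysis` step hands all of it to scorecard-action even though the scan only needs read access (presumably to enable the Branch-Protection check, which the default `GITHUB_TOKEN` cannot evaluate). If this version of workflow-application-token-action supports it, narrow the grant with its `permissions` input, e.g. `permissions: "administration:read, contents:read"` (exact set to be confirmed against the scorecard documentation), so a token that leaks through logs or a compromised downstream action cannot write to the org. Both third-party actions are correctly pinned to full commit SHAs with version comments, which is the right practice for a step that consumes a private key. Note also that on a fork neither `vars.JET_GITHUB_APPLICATION_ID` nor `secrets.JET_GITHUB_SECRET_KEY` resolves, so the token step will fail there unless the job is gated on the upstream owner; the job's `permissions` block, if it has one, is outside the hunk and should be checked so the default token is not also granted more than it needs.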