Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release: tracking issue for v2.0.0 #765

Closed
azeemshaikh38 opened this issue Jul 15, 2022 · 9 comments · Fixed by #898
Closed

Release: tracking issue for v2.0.0 #765

azeemshaikh38 opened this issue Jul 15, 2022 · 9 comments · Fixed by #898
Assignees
@azeemshaikh38

Comments

@azeemshaikh38
Copy link
Contributor

Tracking issue for the release of v2.0.0.
@azeemshaikh38 azeemshaikh38 self-assigned this Jul 15, 2022
@azeemshaikh38
Copy link
Contributor Author

@ossf/scorecard-maintainers - thanks for all the awesome work on v2, we are (almost) ready for launch :) Aiming for a release in September 1st week. Some final pending items and their respective owners:

Happy hacking!

@justaugustus justaugustus mentioned this issue Aug 20, 2022
Merged
@justaugustus
Copy link
Member

@ossf/scorecard-maintainers - thanks for all the awesome work on v2, we are (almost) ready for launch :) Aiming for a release in September 1st week. Some final pending items and their respective owners:

#833 is ready for review!

@justaugustus
Copy link
Member

Screen Shot 2022-08-22 at 06 47 19

@ossf/scorecard-maintainers -- As a note, the next tag that we release should be v2.0.0-beta.2, v2.0.0-rc.0, or v2.0.0-rc.1.
(The alpha.N tags are out of semantic version order.)

@naveensrinivasan
Copy link
Member

Enable throttling and quotas on the Scorecard APIs - @azeemshaikh38

What is going to be the rate limit @azeemshaikh38 ?

@azeemshaikh38
Copy link
Contributor Author

@justaugustus ah you are right - https://semver.org/#spec-item-11. My bad.

@naveensrinivasan - not sure yet. Still exploring my options through Cloud Endpoints.

@azeemshaikh38 azeemshaikh38 mentioned this issue Aug 25, 2022
Merged
@jauderho
Copy link
Contributor

jauderho commented Sep 9, 2022

So I upgraded to v2 of the action yesterday and have been experiencing different errors.

  1. I was previously using GITHUB_TOKEN and that was working fine. Started getting some secondary rate limit issues while doing so and tried switching to SCORECARD_TOKEN which seems to help somewhat. See https://github.com/jauderho/dockerfiles/runs/8273026121?check_suite_focus=true#step:6:1944

  2. For some reason, there is now a request to enter a verification code: Enter the verification code CVQP-FOOD in your browser at: https://oauth2.sigstore.dev/auth/device?user_code=CVQP-FOOD. See https://github.com/jauderho/dockerfiles/runs/8273102236?check_suite_focus=true#step:6:2055

@laurentsimon
Copy link
Contributor

laurentsimon commented Sep 9, 2022
edited
Loading

does (2) only occur when you use SCORECARD_TOKEN?

for (1): @azeemshaikh38 @naveensrinivasan shall we add unit tests that monitor the rate limits imposed on a scorecard run?

@laurentsimon laurentsimon mentioned this issue Sep 9, 2022
Merged
@laurentsimon
Copy link
Contributor

  1. For some reason, there is now a request to enter a verification code: Enter the verification code CVQP-FOOD in your browser at: https://oauth2.sigstore.dev/auth/device?user_code=CVQP-FOOD. See https://github.com/jauderho/dockerfiles/runs/8273102236?check_suite_focus=true#step:6:2055

#898 should fix it

@jauderho
Copy link
Contributor

jauderho commented Sep 9, 2022

I'll retry when #898 is merged and released.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@azeemshaikh38 azeemshaikh38

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

bug: always use the default GITHUB_TOKEN for signing laurentsimon/scorecard-action
5 participants
@jauderho @naveensrinivasan @justaugustus @azeemshaikh38 @laurentsimon