Skip to content

Disable the scorecard analysis run temporarily#5808

Merged
guhetier merged 2 commits intomainfrom
guhetier/disable_scorecard_analysis
Mar 4, 2026
Merged

Disable the scorecard analysis run temporarily#5808
guhetier merged 2 commits intomainfrom
guhetier/disable_scorecard_analysis

Conversation

@guhetier
Copy link
Collaborator

@guhetier guhetier commented Feb 23, 2026

Description

The Scorecard analysis workflow systematically fails because of an error 401. It generates noise and makes it harder to check if something else went wrong in the CI run: the main branch always shows a failed status (https://github.com/microsoft/msquic/commits/main/).

This PR disable the run.
Fixing the permission is already tracked by #5479

Testing

CI

Documentation

N/A

@guhetier guhetier requested a review from a team as a code owner February 23, 2026 17:21
@guhetier guhetier requested a review from anrossi February 23, 2026 17:22
@codecov
Copy link

codecov bot commented Feb 23, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.81%. Comparing base (2c2f078) to head (e810e66).
⚠️ Report is 14 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #5808      +/-   ##
==========================================
- Coverage   86.19%   84.81%   -1.39%     
==========================================
  Files          60       60              
  Lines       18729    18732       +3     
==========================================
- Hits        16144    15888     -256     
- Misses       2585     2844     +259

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

mtfriesen
mtfriesen requested changes Mar 2, 2026
View reviewed changes
Copy link
Contributor

@mtfriesen mtfriesen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is unlikely to get traction any time soon, and doesn't provide clear value to our customers or the community, even when it works.

Let's cut the work item and delete the yaml.

@guhetier
Copy link
Collaborator Author

guhetier commented Mar 4, 2026

@copilot Remove the scorecard analysis completely, cleaning up after yourself.

Copy link
Contributor

Copilot AI commented Mar 4, 2026

@guhetier I've opened a new pull request, #5842, to work on those changes. Once the pull request is ready, I'll request review from you.

Copilot AI mentioned this pull request Mar 4, 2026
Closed
@guhetier
Copy link
Collaborator Author

guhetier commented Mar 4, 2026

While trying to get a better idea whether this is a problem to remove fully, I saw the doc seems to say the token is needed only for a corner case:

https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md

For repositories that want to detect their classic Branch Protection rules

Maybe just deleting it will fix it. Otherwise, we can delete the workflow: scanning happens anyway, the action helps the maintainer of ossf to spend less resources.

@guhetier guhetier merged commit adfed92 into main Mar 4, 2026
523 checks passed
@guhetier guhetier deleted the guhetier/disable_scorecard_analysis branch March 4, 2026 17:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtfriesen mtfriesen mtfriesen approved these changes

@anrossi anrossi Awaiting requested review from anrossi

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@guhetier @mtfriesen