Merge pull request #1060 from jantiebot/main
fix: only get scorecard levels if user wants to see the OpenSSF scorecard
This commit is contained in:
+5
-2
@@ -186,8 +186,11 @@ async function run(): Promise<void> {
|
|||||||
)
|
)
|
||||||
|
|
||||||
// generate informational scorecard entries for all added changes in the PR
|
// generate informational scorecard entries for all added changes in the PR
|
||||||
const scorecardChanges = getScorecardChanges(changes)
|
let scorecard: Scorecard = {dependencies: []}
|
||||||
const scorecard = await getScorecardLevels(scorecardChanges)
|
if (config.show_openssf_scorecard) {
|
||||||
|
const scorecardChanges = getScorecardChanges(changes)
|
||||||
|
scorecard = await getScorecardLevels(scorecardChanges)
|
||||||
|
}
|
||||||
|
|
||||||
const minSummary = summary.addSummaryToSummary(
|
const minSummary = summary.addSummaryToSummary(
|
||||||
vulnerableChanges,
|
vulnerableChanges,
|
||||||
|
|||||||
Reference in New Issue
Block a user