From ef93c90cc3fa6ab0b5cb83d44f2b29b0ff076d9b Mon Sep 17 00:00:00 2001
From: Gary Gregory <garydgregory@gmail.com>
Date: Mon, 4 Nov 2024 19:51:18 -0500
Subject: [PATCH] Scorecard Only default branch is supported

---
 .github/workflows/scorecards-analysis.yml | 69 -----------------------
 1 file changed, 69 deletions(-)
 delete mode 100644 .github/workflows/scorecards-analysis.yml

diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
deleted file mode 100644
index eba354fe95..0000000000
--- a/.github/workflows/scorecards-analysis.yml
+++ /dev/null
@@ -1,69 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache license, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the license for the specific language governing permissions and
-# limitations under the license.
-
-name: "Scorecards supply-chain security"
-
-on:
-  branch_protection_rule:
-  schedule:
-    - cron: "30 1 * * 6"    # Weekly on Saturdays
-  push:
-    branches: [ "master" ]
-
-permissions: read-all
-
-jobs:
-
-  analysis:
-
-    name: "Scorecards analysis"
-    runs-on: ubuntu-latest
-    permissions:
-      # Needed to upload the results to the code-scanning dashboard.
-      security-events: write
-      actions: read
-      id-token: write # This is required for requesting the JWT
-      contents: read  # This is required for actions/checkout
-
-    steps:
-
-      - name: "Checkout code"
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-        with:
-          persist-credentials: false
-
-      - name: "Run analysis"
-        uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031    # 2.2.0
-        with:
-          results_file: results.sarif
-          results_format: sarif
-          # A read-only PAT token, which is sufficient for the action to function.
-          # The relevant discussion: https://github.com/ossf/scorecard-action/issues/188
-          repo_token: ${{ secrets.GITHUB_TOKEN }}
-          # Publish the results for public repositories to enable scorecard badges.
-          # For more details: https://github.com/ossf/scorecard-action#publishing-results
-          publish_results: true
-
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce    # 3.1.0
-        with:
-          name: SARIF file
-          path: results.sarif
-          retention-days: 5
-
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@46ed16ded91731b2df79a2893d3aea8e9f03b5c4    # 2.20.3
-        with:
-          sarif_file: results.sarif