✨ Enable dangerous workflow in release test

[asraa]

Signed-off-by: Asra Ali [email protected]

• Please check if the PR fulfills these requirements

• [ x] Tests for the changes have been added (for bug fixes / features)
• [ x] PR title follows the guidelines defined in https://github.com/ossf/scorecard/blob/main/CONTRIBUTING.md#pr-process

• What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)

• Enables Dangerous-Workflow in release test

• What is the current behavior? (You can also link to an open issue here)
  Part of Feature: Rollout the Dangerous-Workflow check #1399

• What is the new behavior (if this is a feature change)?

• Does this PR introduce a breaking change? (What changes might users need to make in their application due to this PR?)
  no

• Other information:

[azeemshaikh38]

Thanks! How does this enable it though? I thought this env var only blocks CLI from running Dangerous-Workflow?

[asraa]

Thanks! How does this enable it though? I thought this env var only blocks CLI from running Dangerous-Workflow?

Shoot, I took a second to trace through and I'm confused why it's not in there.

scorecard/cron/k8s/worker.release.yaml

Line 43 in 65eddea

value: "SAST,CI-Tests,Contributors"

doesn't include DangerousWorkflow so checksToRun should contain that (

scorecard/cron/worker/main.go

Line 209 in 08a7876

checksToRun := checks.AllChecks

)...

[azeemshaikh38]

Shoot, I took a second to trace through and I'm confused why it's not in there.

I just found the bug - the env var is misspelled - https://github.com/ossf/scorecard/blob/main/cron/k8s/worker.release.yaml#L42. I'm an idiot. Could you please fix that in this PR?

[azeemshaikh38]

Thanks!

[github-actions]

Integration tests success for
[7ea87a6]
(https://github.com/ossf/scorecard/actions/runs/1588878947)