From 6213479bc1c10c2fde660352e70c8f167f2dbc12 Mon Sep 17 00:00:00 2001
From: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Date: Tue, 13 Sep 2022 11:35:51 -0700
Subject: [PATCH] feat: do not run signing on pull requests (#935)

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

Signed-off-by: laurentsimon <laurentsimon@google.com>
---
 main.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/main.go b/main.go
index 8728ae24..4d1629a3 100644
--- a/main.go
+++ b/main.go
@@ -33,7 +33,9 @@ func main() {
 		log.Fatalf("error during command execution: %v", err)
 	}
 
-	if os.Getenv(options.EnvInputPublishResults) == "true" {
+	if os.Getenv(options.EnvInputPublishResults) == "true" &&
+		// `pull_request` do not have the necessary `token-id: write` permissions.
+		os.Getenv("GITHUB_EVENT_NAME") != "pull_request" {
 		// Get json results by re-running scorecard.
 		jsonPayload, err := signing.GetJSONScorecardResults()
 		if err != nil {