From 64354cd07b2e8e1241445066a7aafb1603cce700 Mon Sep 17 00:00:00 2001 From: Meder Kydyraliev Date: Tue, 24 Aug 2021 07:44:36 +1000 Subject: [PATCH] Update README.md --- README.md | 73 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 37 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index c60ba133f52..c28005a50de 100644 --- a/README.md +++ b/README.md @@ -11,11 +11,11 @@ * [Goals](#goals) * [Scorecard Checks](#scorecard-checks) * [Usage](#usage) + * [Authentication](#authentication) * [Docker](#docker) * [Using repository URL](#using-repository-url) * [Using a Package manager](#using-a-package-manager) * [Running specific checks](#running-specific-checks) - * [Authentication](#authentication) * [Understanding Scorecard results](#understanding-scorecard-results) * [Formatting Results](#formatting-results) * [Public Data](#public-data) 
@@ -67,6 +67,42 @@ the [checks documentation page](docs/checks.md). ## Usage +### Authentication + +Before running Scorecard, you need to, either: + +- [create a GitHub access token](https://docs.github.com/en/free-pro-team@latest/developers/apps/about-apps#personal-access-tokens) + and set it in an environment variable called `GITHUB_AUTH_TOKEN`, + `GITHUB_TOKEN`, `GH_AUTH_TOKEN` or `GH_TOKEN`. This helps to avoid the + GitHub's [api rate limits](https://developer.github.com/v3/#rate-limiting) + with unauthenticated requests. + +```shell +# For posix platforms, e.g. linux, mac: +export GITHUB_AUTH_TOKEN= +# Multiple tokens can be provided separated by comma to be utilized +# in a round robin fashion. +export GITHUB_AUTH_TOKEN=, + +# For windows: +set GITHUB_AUTH_TOKEN= +set GITHUB_AUTH_TOKEN=, +``` + +- create a GitHub App Installations for higher rate-limit quotas. If you have + an installed GitHub App and key file, you can use these three environment + variables, following the commands shown above for your platform. + +``` +GITHUB_APP_KEY_PATH= +GITHUB_APP_INSTALLATION_ID= +GITHUB_APP_ID= +``` + +These can be obtained from the GitHub +[developer settings](https://github.com/settings/apps) page. + + ### Docker `scorecard` is available as a Docker container: 
@@ -220,41 +256,6 @@ names. For example, `--checks=CI-Tests,Code-Review`. -### Authentication - -Before running Scorecard, you need to, either: - -- [create a GitHub access token](https://docs.github.com/en/free-pro-team@latest/developers/apps/about-apps#personal-access-tokens) - and set it in an environment variable called `GITHUB_AUTH_TOKEN`, - `GITHUB_TOKEN`, `GH_AUTH_TOKEN` or `GH_TOKEN`. This helps to avoid the - GitHub's [api rate limits](https://developer.github.com/v3/#rate-limiting) - with unauthenticated requests. - -```shell -# For posix platforms, e.g. linux, mac: -export GITHUB_AUTH_TOKEN= -# Multiple tokens can be provided separated by comma to be utilized -# in a round robin fashion. -export GITHUB_AUTH_TOKEN=, - -# For windows: -set GITHUB_AUTH_TOKEN= -set GITHUB_AUTH_TOKEN=, -``` - -- create a GitHub App Installations for higher rate-limit quotas. If you have - an installed GitHub App and key file, you can use these three environment - variables, following the commands shown above for your platform. - -``` -GITHUB_APP_KEY_PATH= -GITHUB_APP_INSTALLATION_ID= -GITHUB_APP_ID= -``` - -These can be obtained from the GitHub -[developer settings](https://github.com/settings/apps) page. - ### Understanding Scorecard results Each check returns a **Pass / Fail** decision, as well as a confidence score
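Review bot: In the Authentication section added by the `@@ -67,6 +67,42 @@` hunk, the example assignments carry no value as they read here: `export GITHUB_AUTH_TOKEN=` sets the variable to an empty string, `export GITHUB_AUTH_TOKEN=,` sets it to a lone comma, and the three `GITHUB_APP_*` lines are empty as well. If placeholders were intended, they are not visible in the patch text; use a form that survives rendering, for example `export GITHUB_AUTH_TOKEN=YOUR_TOKEN` and `YOUR_TOKEN_1,YOUR_TOKEN_2`. The section also does not say which scopes the access token needs; stating the minimum would keep readers from creating a broader token than Scorecard uses.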
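Review bot: The block removed by the `@@ -220,41 +256,6 @@` hunk is re-added word for word near the top of Usage, so its wording slips move with it: "you need to, either:", "the GitHub's [api rate limits]" and "create a GitHub App Installations". Since the text is being touched anyway, fix these in the added copy, and tag the second code fence (the `GITHUB_APP_*` variables) with `shell` to match the first.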