From 3cd21d4d6619812cdae9c6be2577679c5c8f5676 Mon Sep 17 00:00:00 2001
From: Pedro Nacht <15221358+pnacht@users.noreply.github.com>
Date: Tue, 20 Sep 2022 17:45:47 -0300
Subject: [PATCH 1/2] Set scorecard-action to v2.0.3

scorecard-action does not have a major version tag.

Temporarily disabling github.repository check to ensure action now works.
---
 .github/workflows/scorecards.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 7799c33b66683..0ffb45c91c90f 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -20,7 +20,7 @@ jobs:
       # Used to receive a badge.
       id-token: write
 
-    if: github.repository == 'pandas-dev/pandas'  # don't run on forks
+    # if: github.repository == 'pandas-dev/pandas'  # don't run on forks
 
     steps:
       - name: "Checkout code"
@@ -29,7 +29,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@v2
+        uses: ossf/scorecard-action@v2.0.3
         with:
           results_file: results.sarif
           results_format: sarif

From 46e29aba47c3598171f83c2a975d261f0b767c0c Mon Sep 17 00:00:00 2001
From: Pedro Nacht <15221358+pnacht@users.noreply.github.com>
Date: Tue, 20 Sep 2022 17:48:03 -0300
Subject: [PATCH 2/2] Enable github.repository check

---
 .github/workflows/scorecards.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 0ffb45c91c90f..73cab7ff909fc 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -20,7 +20,7 @@ jobs:
       # Used to receive a badge.
       id-token: write
 
-    # if: github.repository == 'pandas-dev/pandas'  # don't run on forks
+    if: github.repository == 'pandas-dev/pandas'  # don't run on forks
 
     steps:
       - name: "Checkout code"