From 22732b8edafcb4ae85da205ffdb82cfb3be6b5d4 Mon Sep 17 00:00:00 2001
From: Randall Wood <297232+rhwood@users.noreply.github.com>
Date: Sun, 26 Nov 2023 13:07:40 -0500
Subject: [PATCH] chore: scorecard verifies branch protection rules (#70)

* chore: scorecard verifies branch protection rules

* Add code owners

This makes review requirements possible while still working with a repo that has only a single contributor.
---
 .github/CODEOWNERS               | 2 ++
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 .github/CODEOWNERS

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..e1ea3a4
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,2 @@
+# Repo owner needs to review all changes
+*       @rhwood
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index dd7ff68..7e58948 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -49,7 +49,7 @@ jobs:
           # - you want to enable the Branch-Protection check on a *public* repository, or
           # - you are installing Scorecards on a *private* repository
           # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
-          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+          repo_token: ${{ secrets.SCORECARD_TOKEN }}
 
           # Public repositories:
           #   - Publish results to OpenSSF REST API for easy access by consumers