🐛 Fix null default branch/private fields

Dockerfile

@@ -27,7 +27,8 @@ FROM gcr.io/openssf/scorecard@sha256:8165ad910019422f40c51cbb97ff6e7db0e2e2e11fa
 # TODO: use distroless.
 FROM debian:9.5-slim
 RUN apt-get update && \
-    apt-get install -y --no-install-recommends jq ca-certificates
+    apt-get install -y --no-install-recommends \
+    jq ca-certificates curl
 
 # Copy the scorecard binary from the official scorecard image.
 COPY --from=base /scorecard /scorecard

entrypoint.sh

@@ -30,13 +30,26 @@ export SCORECARD_POLICY_FILE="/policy.yml" # Copied at docker image creation.
 export SCORECARD_RESULTS_FILE="$INPUT_RESULTS_FILE"
 export SCORECARD_RESULTS_FORMAT="$INPUT_RESULTS_FORMAT"
 export SCORECARD_PUBLISH_RESULTS="$INPUT_PUBLISH_RESULTS"
-# https://docs.github.com/en/actions/learn-github-actions/environment-variables
-export SCORECARD_PRIVATE_REPOSITORY="$(jq '.repository.private' $GITHUB_EVENT_PATH)"
-export SCORECARD_DEFAULT_BRANCH="refs/heads/$(jq -r '.repository.default_branch' $GITHUB_EVENT_PATH)"
+export SCORECARD_REPOSITORY="$(jq -r '.repository.full_name' $GITHUB_EVENT_PATH)"
 export SCORECARD_BIN="/scorecard"
 export ENABLED_CHECKS=
 
-# WARNING: boolean inputs are strings https://github.com/actions/runner/issues/1483.
+## ============================== WARNING ======================================
+# https://docs.github.com/en/actions/learn-github-actions/environment-variables
+# export SCORECARD_PRIVATE_REPOSITORY="$(jq '.repository.private' $GITHUB_EVENT_PATH)"
+# export SCORECARD_DEFAULT_BRANCH="refs/heads/$(jq -r '.repository.default_branch' $GITHUB_EVENT_PATH)"
+#
+# The $GITHUB_EVENT_PATH file produces:
+# private: null
+# default_branch: null
+#
+# for trigger event `schedule`. This is a bug.
+# So instead we use the REST API to retrieve the data.
+#
+# Boolean inputs are strings https://github.com/actions/runner/issues/1483.
+# ===============================================================================
+export SCORECARD_PRIVATE_REPOSITORY="$(curl -s -H \"Authorization: Bearer $GITHUB_AUTH_TOKEN\" https://api.github.com/repos/$SCORECARD_REPOSITORY | jq -r '.private')"
+export SCORECARD_DEFAULT_BRANCH="refs/heads/$(curl -s -H \"Authorization: Bearer $GITHUB_AUTH_TOKEN\" https://api.github.com/repos/$SCORECARD_REPOSITORY | jq -r '.default_branch')"
 
 # If the repository is private, never publish the results.
 if [[ "$SCORECARD_PRIVATE_REPOSITORY" == "true" ]]; then
@@ -51,6 +64,7 @@ fi
 echo "Event file: $GITHUB_EVENT_PATH"
 echo "Event name: $GITHUB_EVENT_NAME"
 echo "Ref: $GITHUB_REF"
+echo "Repository: $SCORECARD_REPOSITORY"
 echo "Private repository: $SCORECARD_PRIVATE_REPOSITORY"
 echo "Publication enabled: $SCORECARD_PUBLISH_RESULTS"
 echo "Format: $SCORECARD_RESULTS_FORMAT"