Run scorecards only on pushes to main.

[godofredoc]

This is to prevent the workflow from failing when running in branches
with no previous data to compare.

It also adds the scorecard badge to the README file.

Pre-launch Checklist

• I read the Contributor Guide and followed the process outlined there for submitting PRs.
• I read the Tree Hygiene wiki page, which explains my responsibilities.
• I read and followed the relevant style guides and ran the auto-formatter. (Unlike the flutter/flutter repo, the flutter/packages repo does use dart format.)
• I signed the CLA.
• The title of the PR starts with the name of the package surrounded by square brackets, e.g. [shared_preferences]
• I listed at least one issue that this PR fixes in the description above.
• I updated pubspec.yaml with an appropriate new version according to the pub versioning philosophy, or this PR is exempt from version changes.
• I updated CHANGELOG.md to add a description of the change, following repository CHANGELOG style.
• I updated/added relevant documentation (doc comments with ///).
• I added new tests to check the change I am making, or this PR is test-exempt.
• All existing and new tests are passing.

If you need help, consider asking for advice on the #hackers-new channel on Discord.

[stuartmorgan]

Aren't these just different syntax for the same thing? Or is the fix the removal of the empty entry above?

[godofredoc]

Yeah not sure it the empty branch protection was causing this workflow to run on push of any branch.

[stuartmorgan]

LGTM I guess, it's just not clear to me that this will actually fix it.

If it does, we need the same change in flutter/plugins.

[ditman]

Odd that we haven't seen this more often. Dependabot creates branches all the time that should be triggering this more often? (maybe?)

(Also, this will have to be merged with the submit-queue in red to attempt to fix it)

[godofredoc]

Odd that we haven't seen this more often. Dependabot creates branches all the time that should be triggering this more often? (maybe?)

(Also, this will have to be merged with the submit-queue in red to attempt to fix it)

Yeah but dependabot is actually creating a PR in this case it was a direct push, should I disable that to make packages consistent with flutter/flutter and flutter/engine?

[stuartmorgan]

I'm not aware of a reason we should have a different setup here than flutter/flutter and flutter/engine, so I'd be fine with aligning the configurations and seeing if anything breaks.

[ditman]

dependabot is actually creating a PR in this case it was a direct push, should I disable that to make packages consistent with flutter/flutter and flutter/engine?

No, I meant that dependabot creates branches in the repo to create their PRs, similar to the branch that was causing the error?

Anyway, the Scorecard is now passing on master, yay!