
chore(ci): pin all 3rd party actions #1441


Merged

Conversation

dreamorosi
Contributor

Description of your changes

As described in the linked issue, we want to apply a zero-trust policy on all 3rd party GitHub Actions by pinning their commit SHA. This allows us to ensure that our workflows use only a version of the action that we know is legitimate and that we trust.

This PR introduces full commit hashes to all 3rd party GitHub Actions used in our workflows.

Related issues, RFCs

Issue number: #1440

Checklist

  • My changes meet the tenets criteria
  • I have performed a self-review of my own code
  • I have commented my code where necessary, particularly in areas that should be flagged with a TODO, or hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my change is effective and works
  • The PR title follows the conventional commit semantics

Breaking change checklist

Is it a breaking change?: NO

  • I have documented the migration process
  • I have added, implemented necessary warnings (if it can live side by side)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.
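The policy described above (every third-party `uses:` reference must point at a full 40-character commit SHA rather than a mutable tag or branch) is easy to regress on when a later PR adds a new step. The following audit script is an added example for this page, not code from the project or the PR; it scans workflow text for `uses:` lines and reports references that are not pinned. The sample workflow, the action names `some-org/some-action`, and both 40-hex SHAs are constructed placeholders, not real commits; the `first_party_owners` allowlist (for example treating `actions/*` as first party) is an assumption left as a parameter, since the PR pins all third-party actions and does not say how it treats GitHub-owned ones.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample workflow for this example (not from the project's repository).
# Both 40-hex SHAs are placeholders, not real commits of the named actions.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@1234567890abcdef1234567890abcdef12345678 # v3.6.0
      - uses: some-org/some-action@main
      - uses: some-org/some-action@abcdef0123456789abcdef0123456789abcdef01
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.18
      - run: echo ok
"""

# Captures the reference after `uses:` and an optional trailing "# vX.Y.Z" comment.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*([^\s#]+)[ \t]*(?:#[ \t]*(\S.*))?$', re.MULTILINE)
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')
DIGEST_RE = re.compile(r'@sha256:[0-9a-f]{64}$')


@dataclass
class Finding:
    line: int
    ref: str
    level: str   # "error" (policy violation) or "warn" (pinned but hard to maintain)
    reason: str


def check_ref(ref: str, comment: Optional[str], first_party_owners: Tuple[str, ...] = ()) -> Optional[Tuple[str, str]]:
    """Return (level, reason) if `ref` violates the SHA-pinning policy, else None."""
    if ref.startswith(('./', '../')):
        return None  # local action: versioned together with this repository's own commits
    if ref.startswith('docker://'):
        # Container actions cannot be pinned by git SHA; an image digest is the equivalent.
        return None if DIGEST_RE.search(ref) else ('error', 'container action not pinned by @sha256 digest')
    if '@' not in ref:
        return ('error', 'missing ref (resolves to the default branch)')
    path, _, version = ref.rpartition('@')
    owner = path.split('/', 1)[0]
    if owner in first_party_owners:  # assumption: an explicit allowlist of first-party owners
        return None
    if not FULL_SHA_RE.match(version):
        return ('error', f'ref {version!r} is a mutable tag or branch, not a 40-character commit SHA')
    if not comment:
        # A pinned SHA is opaque; a trailing "# vX.Y.Z" comment lets reviewers and update tooling track it.
        return ('warn', 'pinned SHA has no trailing version comment')
    return None


def audit_workflow(text: str, first_party_owners: Tuple[str, ...] = ()) -> List[Finding]:
    """Scan workflow YAML text and return every `uses:` reference that fails the policy."""
    findings = []
    for m in USES_RE.finditer(text):
        line_no = text.count('\n', 0, m.start()) + 1
        ref, comment = m.group(1), m.group(2)
        result = check_ref(ref, comment, first_party_owners)
        if result:
            findings.append(Finding(line_no, ref, *result))
    return findings


if __name__ == '__main__':
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f'{f.level.upper():5} line {f.line}: {f.ref}: {f.reason}')
```

Run against the sample, the script flags the `@v3` tag, the `@main` branch and the unpinned `docker://` image as errors, and the SHA-pinned step without a version comment as a warning; passing `first_party_owners=('actions',)` drops the `actions/checkout@v3` finding. A line-based regex is deliberate here: it avoids a YAML dependency and still catches `uses:` inside reusable-workflow jobs, but it will not see references built from expressions, so it complements rather than replaces review of the diff.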

@dreamorosi dreamorosi self-assigned this May 8, 2023
@dreamorosi dreamorosi linked an issue May 8, 2023 that may be closed by this pull request
@boring-cyborg boring-cyborg bot added the automation This item relates to automation label May 8, 2023
@pull-request-size pull-request-size bot added the size/L PRs between 100-499 LOC label May 8, 2023
@dreamorosi dreamorosi merged commit 681646d into main May 8, 2023
@dreamorosi dreamorosi deleted the 1440-maintenance-remove-allow-list-from-untrusted-workflows branch May 8, 2023 13:39
Labels
automation This item relates to automation size/L PRs between 100-499 LOC
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Maintenance: remove allow list from untrusted workflows
1 participant