Commit 89b83d2

[git] Add hashes to requirements.txt for extra security (#92305)
https://pip.pypa.io/en/stable/topics/secure-installs/
1 parent d3d5a30 commit 89b83d2

9 files changed, +301 -25 lines changed
.github/workflows/issue-release-workflow.yml

Lines changed: 1 addition & 1 deletion
@@ -53,7 +53,7 @@ jobs:
5353

5454
- name: Setup Environment
5555
run: |
56-
pip install -r ./llvm/utils/git/requirements.txt
56+
pip install --require-hashes -r ./llvm/utils/git/requirements.txt
5757
./llvm/utils/git/github-automation.py --token ${{ github.token }} setup-llvmbot-git
5858
5959
- name: Backport Commits
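
Review bot: the `--require-hashes` flag on the `pip install` line of `Setup Environment` deserves a one-line YAML comment saying why it is spelled out. pip already enters hash-checking mode whenever a requirements file contains a `--hash` option, so what the explicit flag adds is that this step fails outright if the hashes are ever removed from requirements.txt. That matters here because the next line runs `github-automation.py` with `${{ github.token }}`. Without the comment the flag looks redundant and is easy to drop in a later cleanup.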

.github/workflows/issue-subscriber.yml

Lines changed: 1 addition & 1 deletion
@@ -22,7 +22,7 @@ jobs:
2222
- name: Setup Automation Script
2323
working-directory: ./llvm/utils/git/
2424
run: |
25-
pip install -r requirements.txt
25+
pip install --require-hashes -r requirements.txt
2626
2727
- name: Update watchers
2828
working-directory: ./llvm/utils/git/

.github/workflows/merged-prs.yml

Lines changed: 1 addition & 1 deletion
@@ -29,7 +29,7 @@ jobs:
2929
- name: Setup Automation Script
3030
working-directory: ./llvm/utils/git/
3131
run: |
32-
pip install -r requirements.txt
32+
pip install --require-hashes -r requirements.txt
3333
3434
- name: Add Buildbot information comment
3535
working-directory: ./llvm/utils/git/

.github/workflows/new-prs.yml

Lines changed: 1 addition & 1 deletion
@@ -43,7 +43,7 @@ jobs:
4343
- name: Setup Automation Script
4444
working-directory: ./llvm/utils/git/
4545
run: |
46-
pip install -r requirements.txt
46+
pip install --require-hashes -r requirements.txt
4747
4848
- name: Greet Author
4949
working-directory: ./llvm/utils/git/

.github/workflows/pr-request-release-note.yml

Lines changed: 1 addition & 1 deletion
@@ -29,7 +29,7 @@ jobs:
2929

3030
- name: Install Dependencies
3131
run: |
32-
pip install -r llvm/utils/git/requirements.txt
32+
pip install --require-hashes -r llvm/utils/git/requirements.txt
3333
3434
- name: Request Release Note
3535
env:
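
Review bot: the `run:` line of `Install Dependencies` is the same install command this commit edits by hand in seven other workflows, and it appears in three spellings across them: `./llvm/utils/git/requirements.txt`, `llvm/utils/git/requirements.txt` as here, and a bare `requirements.txt` under `working-directory: ./llvm/utils/git/`. Consider moving the install into one shared composite action or reusable step, so `--require-hashes` is set in a single place and a workflow added later cannot install from this file without it.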

.github/workflows/pr-subscriber.yml

Lines changed: 1 addition & 1 deletion
@@ -22,7 +22,7 @@ jobs:
2222
- name: Setup Automation Script
2323
working-directory: ./llvm/utils/git/
2424
run: |
25-
pip install -r requirements.txt
25+
pip install --require-hashes -r requirements.txt
2626
2727
- name: Update watchers
2828
working-directory: ./llvm/utils/git/

.github/workflows/release-binaries.yml

Lines changed: 1 addition & 1 deletion
@@ -47,7 +47,7 @@ jobs:
4747

4848
- name: Install Dependencies
4949
run: |
50-
pip install -r ./llvm/utils/git/requirements.txt
50+
pip install --require-hashes -r ./llvm/utils/git/requirements.txt
5151
5252
- name: Check Permissions
5353
env:

.github/workflows/version-check.yml

Lines changed: 1 addition & 1 deletion
@@ -23,7 +23,7 @@ jobs:
2323

2424
- name: Install dependencies
2525
run: |
26-
pip install -r ./llvm/utils/git/requirements.txt
26+
pip install --require-hashes -r ./llvm/utils/git/requirements.txt
2727
2828
- name: Version Check
2929
run: |

llvm/utils/git/requirements.txt

Lines changed: 293 additions & 17 deletions
Large diffs are not rendered by default.
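
Review bot: requirements.txt grows by 293 lines, but none of the nine changed files records how the hashed file was produced. In hash-checking mode pip requires every requirement, transitive dependencies included, to be pinned with `==` and to carry a hash, so the next dependency bump means regenerating the whole file rather than editing one line. If the file does not already say so in a header comment, please add one naming the tool and the input it was generated from, so a later update does not break all eight workflows that now pass `--require-hashes`.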
