| Commit message | Author | Age |
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
- Pinned actions by SHA https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
> Pin actions to a full length commit SHA
> Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.
https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions
Also, Dependabot supports upgrades based on SHA.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
PR #8147 made things worse: it's not valid YAML. This at
least is valid YAML. I have no idea if it yields the
desired result, and we won't even know until it gets
merged, but at least it won't cause fatal syntax errors.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The action fails on the master branch as the regex does not match.
The error in this scenario is unfortunate and not of much value as
we do not want to change PR titles on the master branch.
To fix it, entirely disable the action on the master branch, which
in retrospect may be a better approach as we do not fire off the
action.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add a GitHub action to add the name of the target branch as prefix to
the title of a pull request. It is easy to miss the target of a given
pull request which has already caused issues of commits going into
non-main branches without intention.
We have already used this action on the `v2.0.5-rhel` branch with
limited success. Fortunately, the upstream implemented our feature
request to support adding the _target_ branch name (rather than the
source) to the PR title, which is what we need.
Any non-main branch from this commit forward will now be clearly marked.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>