| Commit message (Collapse) | Author | Age |
|
- Pinned actions by SHA https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
>Pin actions to a full length commit SHA
>Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.
https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions
Also dependabot supports upgrades based on SHA.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
|
… as currently with `v1`, `remove-stale-when-updated` is set but isn't causing labels to be updated when comments are added.
Signed-off-by: Stuart Shelton <stuart@shelton.me>
|
Update the GitHub action to mark issues and PRs as stale. There are a
couple of useful features, most importantly, the bot will remove the
stale label from issues as soon as there's either an activity or a
comment.
This reduces some manual overhead: the stale bot will only drop a
comment on issues and PRs that are not marked as stale. Hence, as we
appreciated the reminders, we had to manually remove the label which
should now turn into campfire tales.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
Rephrase the stale message to be friendlier and bump the closing time to
365 days. The docs of the stale workflow do not indicate whether we can
not close, so a limit of 365 days seems fair.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
Without the label, issues would be closed regardless of the
"do-not-close" label.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
Add a GitHub action to mark issues and PRs as stale and
to eventually close them after a grace period.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>