summaryrefslogtreecommitdiff
path: root/.github/workflows/stale.yml
Commit message (Collapse)AuthorAge
* Pin actions to a full length commit SHAnaveensrinivasan2022-03-28
| | | | | | | | | | | | | | | - Pinned actions by SHA https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions >Pin actions to a full length commit SHA >Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions Also dependabot supports upgrades based on SHA. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Use more recent `stale` release...Stuart Shelton2021-05-16
| | | | | | … as currently with `v1`, `remove-stale-when-updated` is set but isn't causing labels to be updated when comments are added. Signed-off-by: Stuart Shelton <stuart@shelton.me>
* update stale botValentin Rothberg2020-09-22
| | | | | | | | | | | | | | Update the GitHub action to mark issues and PRs as stale. There are a couple of useful features, most importantly, the bot will remove the stale label from issues as soon as there's either an activity or a comment. This reduces some manual overhead: the stale bot will only drop a comment on issues and PRs that are not marked as stale. Hence, as we appreciated the reminders, we had to manually remove the label which should now turn into campfire tales. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* github stale workflow: rephrase and bump close timeValentin Rothberg2020-01-07
| | | | | | | | Rephrase the stale message to be friendlier and bump the closing time to 365 days. The docs of the stale workflow do not indicate whether we can not close, so a limit of 365 days seems fair. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* stale action: add exempt-issue-labelValentin Rothberg2019-10-30
| | | | | | | Without the label, issues would be closed regardless of the "do-not-close" label. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* GitHub stale actionValentin Rothberg2019-10-28
Add a GitHub action to mark issues and PRs as stale and to eventually close them after a grace period. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>