Hash-pin workflow Actions #787

Merged
merged 2 commits into from
Jul 5, 2023

@pnacht (Contributor) commented Jun 28, 2023

Fixes #786.

As described in the issue, this PR hash-pins all workflow Actions to protect the project from supply-chain attacks.

I've also set up dependabot to monitor the GitHub Actions. Whenever a new version is released, you'll receive a PR updating the Action's hash and the associated version comment.

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
@Louis-Ye (Collaborator)

Trying to get more context here. Is this a mandatory policy update to use workflow actions from Google internally (if so, is there a link for it; feel free to send it to yelouis@)? I can see that there is some mention of it at https://opensource.google/documentation/reference/github/services#actions, but it would be great to see if this is actually a policy. Thanks!

@codecov-commenter commented Jun 28, 2023

Codecov Report

Merging #787 (24c50e6) into main (91b7bce) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #787   +/-   ##
=======================================
  Coverage   66.99%   66.99%           
=======================================
  Files          45       45           
  Lines        9862     9862           
=======================================
  Hits         6607     6607           
  Misses       2795     2795           
  Partials      460      460           

@Louis-Ye (Collaborator)

LGTM

@Louis-Ye Louis-Ye merged commit 200ffdc into google:main Jul 5, 2023