CI/CD in general is a powerful tool. GitHub Actions adds to this by extracting common use-cases into their own repositories so that their functionality can be shared across projects.
Khronos Group Actions aims to encourage the usage of GitHub Actions throughout Khronos Group repositories while conforming to security best practices.
- All Third-Party Actions used by the Khronos Group must be referenced from this organisation. See Using Third Party Actions
- If a new Third-Party Action is needed, it must be audited and forked into this organisation, especially if it will be used in private repositories.
- Any secrets or tokens must be scoped appropriately to a repository using a bot account. See Using Secrets, Use credentials that are minimally scoped
- If in doubt, always refer to the Security Hardening for GitHub Actions guide.
- If your usage of Actions is not covered by the Security Hardening guide, contact an Administrator of the Khronos Group GitHub Organisation for further guidance before continuing.
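The following workflow fragment is an added illustration of the rules above, not a file from this repository or any Khronos Group project. It shows a third-party action consumed only through the organisation's audited fork, pinned to a full commit SHA as the Security Hardening guide recommends, with the job token's permissions reduced to what the job needs and a repository-scoped bot secret passed to the build step. The organisation slug `KhronosGroup`, the fork name `KhronosGroup/checkout`, the all-zero SHA, the `build.sh` script and the secret name `BOT_DEPLOY_TOKEN` are assumed placeholders.

```yaml
# Added example (not from this repository). Assumed names: the org slug
# "KhronosGroup", the fork "KhronosGroup/checkout", the all-zero commit SHA,
# ./build.sh and the secret BOT_DEPLOY_TOKEN are placeholders.
name: build

on:
  pull_request:

# Default for every job: the GITHUB_TOKEN gets no permissions unless a job
# explicitly asks for them.
permissions: {}

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read        # only what the checkout step needs
    steps:
      # Non-compliant: a third-party action referenced directly, by a mutable tag.
      #   - uses: actions/checkout@v4
      #
      # Compliant: the audited fork inside the organisation, pinned to a full
      # commit SHA so the reviewed code cannot change underneath the workflow.
      - uses: KhronosGroup/checkout@0000000000000000000000000000000000000000 # placeholder SHA: replace with the audited commit

      - run: ./build.sh
        env:
          # A repository-scoped secret issued to a bot account, exposed only to
          # the step that needs it; never an organisation-wide or personal token.
          DEPLOY_TOKEN: ${{ secrets.BOT_DEPLOY_TOKEN }}
```

Two checks are worth making before merging a workflow like this: every `uses:` line resolves to a repository inside the organisation, and the `permissions:` block on each job lists only the scopes that job's steps actually exercise.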