chore: add secrets to actions that use the bot #556

Merged Sep 13, 2024 (9 commits)


klmcadams
Contributor

Replace bot username and email with secrets and update corresponding examples

THIS IS A BREAKING CHANGE

@klmcadams klmcadams requested a review from a team as a code owner September 4, 2024 15:52
@ansys-reviewer-bot
Contributor

Thanks for opening a Pull Request. If you want to perform a review write a comment saying:

@ansys-reviewer-bot review

@github-actions github-actions bot added the maintenance Generic maintenance related label Sep 4, 2024
Resolved (outdated) review threads on: doc-deploy-changelog/action.yml, doc-deploy-dev/action.yml, doc-deploy-stable/action.yml, doc-changelog/action.yml (two each)
@klmcadams
Contributor Author

@SMoraisAnsys @germa89 @RobPasMue I applied your suggestions. The reason why I was using the environment variables was because of an article Jay shared with us a long time ago about secure development practices in GitHub Actions. I haven't been able to find the article, but I'll share it with you if I find it.

@klmcadams
Contributor Author

klmcadams commented Sep 11, 2024

Here is an article that talks about using env variables to prevent script injection vulnerabilities: https://www.stepsecurity.io/blog/github-actions-security-best-practices#prevent-script-injection-vulnerabilities-2

Because of this, I think I should add back the env variable for at least the PR title

@RobPasMue
Member

> Here is an article that talks about using env variables to prevent script injection vulnerabilities: https://www.stepsecurity.io/blog/github-actions-security-best-practices#prevent-script-injection-vulnerabilities-2
>
> Because of this, I think I should add back the env variable for at least the PR title

Good find @klmcadams - let's do it only for the github-context related things.

@RobPasMue
Member

Or even all of them - as long as it is justified, that's fine by me

@klmcadams
Contributor Author

Ok! I'm going to follow this article - https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections

@klmcadams klmcadams marked this pull request as draft September 11, 2024 14:51
@klmcadams klmcadams marked this pull request as ready for review September 11, 2024 16:24
Member

@RobPasMue RobPasMue left a comment

I have the feeling you missed some of them @klmcadams - sorry for going back and forth on all these inputs. At least now it's clear.

Resolved review threads on: doc-changelog/action.yml (three)
@klmcadams klmcadams merged commit 92cd10b into main Sep 13, 2024
16 checks passed
@klmcadams klmcadams deleted the maint/secrets-for-bot branch September 13, 2024 13:18
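
The script-injection concern discussed in this thread (passing the PR title through an env variable instead of interpolating it into the script), shown as an added example that is not code from this pull request or the project: a small Python check that reports `${{ github.* }}` expressions used directly inside `run:` scripts of an action or workflow file. The sample YAML, its step names and the function name `find_inline_github_context` are constructed for illustration.

```python
import re

# Constructed sample (not from the pull request): the first step expands the PR
# title into the script text; the second passes it through an env variable.
SAMPLE_ACTION = '''\
runs:
  using: composite
  steps:
    - name: Weak step
      shell: bash
      run: |
        echo "Title: ${{ github.event.pull_request.title }}"
    - name: Hardened step
      shell: bash
      env:
        PR_TITLE: ${{ github.event.pull_request.title }}
      run: |
        echo "Title: $PR_TITLE"
'''

EXPR = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")          # ${{ ... }} expression
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")  # "run:" or "- run:" key


def find_inline_github_context(yaml_text):
    """Return [(line_number, expression)] for github.* expressions in run: scripts.

    Line-based heuristic (an assumption of this example, not a YAML parser):
    a script is the text after "run:" plus every following line indented
    deeper than the key. Every github.* expression is reported for review,
    including values that are not attacker-controlled.
    """
    findings = []
    run_indent = None  # column of the current "run:" key, None outside a script
    for number, line in enumerate(yaml_text.splitlines(), start=1):
        indent = len(line) - len(line.lstrip())
        if run_indent is not None and (not line.strip() or indent > run_indent):
            script = line  # continuation of the current run: block
        else:
            match = RUN_KEY.match(line)
            run_indent = len(match.group(1)) if match else None
            script = match.group(2) if match else ""
        for expr in EXPR.findall(script):
            if re.search(r"\bgithub\.", expr):
                findings.append((number, expr))
    return findings


if __name__ == "__main__":
    for number, expr in find_inline_github_context(SAMPLE_ACTION):
        print(f"line {number}: ${{{{ {expr} }}}} is expanded into the script; use env:")
```

Only the weak step is reported: the same expression under `env:` in the hardened step is assigned as data and reaches the shell as `$PR_TITLE`.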