[Tracking] Make our Actions workflows more secure #128

Closed
3 tasks done
zeke opened this issue May 4, 2020 · 5 comments
Labels
engineering Will involve Docs Engineering

Comments

@zeke
Contributor

zeke commented May 4, 2020

We want our use of GitHub Actions to be as secure as possible. This is a tracking issue for steps we can take to make them more secure. See https://github.com/github/security/issues/3907

cc @github/content-platform-engineering

@github-actions
Contributor

This issue is stale because it has been open 60 days with no activity.

@zeke
Contributor Author

zeke commented Sep 25, 2020

This is not on fire, but I think it's still relevant.

I think the AllowList will become more important after we've open-sourced to help prevent any malicious (or unreliable) actions being introduced into our workflows.

@zeke
Contributor Author

zeke commented Oct 5, 2020

I made some progress toward this with https://github.com/github/docs-internal/pull/15850 which adds an Actions AllowList

@zeke zeke transferred this issue from another repository Oct 6, 2020
@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Oct 6, 2020
@zeke zeke added engineering Will involve Docs Engineering and removed triage Do not begin working on this issue until triaged by the team labels Oct 6, 2020
@chiedo
Contributor

chiedo commented Oct 15, 2020

Opened a PR to move all versions to shas! #555

@chiedo
Contributor

chiedo commented Oct 15, 2020

Handled the shas! Will leave the following for someone else

Create a test to lint workflows for correctness and consistency

nschonni added a commit to nschonni/github-docs that referenced this issue Nov 16, 2020
Related to github#128
- Prettier to fix indenting/quoting across files
- Manually adjust list styles to "-" style
- Ignore all translated files from automated formatting
- Drop redundant CI env variable
@chiedo chiedo closed this as completed Nov 17, 2020
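
The two controls discussed in this thread, an Actions allowlist and pinning every action to a commit SHA, can both be enforced by a lint test over workflow files. The following is an added example, not code from this repository or its contributors; the allowlist entries, the `lint_workflow` name and the sample workflow are assumptions constructed for illustration.

```python
import re

# Hypothetical allowlist for illustration; the project's real list is not shown on this page.
ALLOWED_ACTIONS = {"actions/checkout", "actions/setup-node"}

# Matches `uses: owner/repo@ref` and `- uses: ...`, with optional quotes.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def lint_workflow(text, allowed=frozenset(ALLOWED_ACTIONS)):
    """Return (line_number, reference, problem) for every violating `uses:` line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group(1)
        # Local actions and docker:// images are not covered by this check.
        if ref.startswith(("./", "docker://")):
            continue
        name, _, version = ref.partition("@")
        repo = "/".join(name.split("/")[:2])  # owner/repo/subdir -> owner/repo
        if repo not in allowed:
            findings.append((lineno, ref, "action not on allowlist"))
        # Tags and branches are mutable; only a full 40-hex commit SHA is accepted.
        if not FULL_SHA_RE.fullmatch(version):
            findings.append((lineno, ref, "not pinned to a full commit SHA"))
    return findings


# Constructed sample workflow; the SHA is a placeholder, not a real commit.
SAMPLE = """\
name: test
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: actions/setup-node@v1
      - uses: someone/unknown-action@master
      - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    for lineno, ref, problem in lint_workflow(SAMPLE):
        print(f"line {lineno}: {ref}: {problem}")
```

Run as a CI test over each file under `.github/workflows/`, failing the build when the returned list is non-empty.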