diff --git a/.github/workflows/dynamic-security-example.yaml b/.github/workflows/dynamic-security-example.yaml new file mode 100644 index 0000000..26a424d --- /dev/null +++ b/.github/workflows/dynamic-security-example.yaml @@ -0,0 +1,19 @@ +name: update-security + +on: + push: + paths: + - SECURITY.md + branches: + - main + workflow_dispatch: + +jobs: + update-security: + permissions: + contents: write + pull-requests: write + pages: write + uses: thoughtbot/templates/.github/workflows/dynamic-security.yaml@main + secrets: + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/dynamic-security.yaml b/.github/workflows/dynamic-security.yaml index 2a9cdfd..1af3f67 100644 --- a/.github/workflows/dynamic-security.yaml +++ b/.github/workflows/dynamic-security.yaml @@ -9,7 +9,7 @@ on: required: true jobs: - update_security-file: + update_security: name: "Update Security file" runs-on: ubuntu-latest steps: @@ -50,4 +50,3 @@ jobs: This PR was automatically generated to update the dynamic section in the SECURITY file. Whenever SECURITY is updated, this workflow is triggered to dynamically render the snippet used in the SECURITY file. - diff --git a/.github/workflows/trigger-dynamic-readme-update.yaml b/.github/workflows/trigger-dynamic-readme-update.yaml index 901cc04..5e888cb 100644 --- a/.github/workflows/trigger-dynamic-readme-update.yaml +++ b/.github/workflows/trigger-dynamic-readme-update.yaml 
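Review bot: The `uses: thoughtbot/templates/.github/workflows/dynamic-security.yaml@main` line in the new example workflow references the reusable workflow by a mutable branch. The same job grants `contents: write`, `pull-requests: write` and `pages: write` and passes the token, so any later change on that branch runs with write access in every repository that copies this example. Pinning to a full commit SHA, `uses: thoughtbot/templates/.github/workflows/dynamic-security.yaml@<full-commit-sha>`, makes each update an explicit, reviewable step. `pages: write` does not look necessary for opening a SECURITY.md pull request; the called workflow's steps are outside this hunk, so confirm, and drop it if unused so the caller grants only what the job needs.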
@@ -15,50 +15,51 @@ jobs: strategy: matrix: repository: - - thoughtbot/high_voltage - - thoughtbot/guides - - thoughtbot/administrate - - thoughtbot/shoulda-matchers - - thoughtbot/flightdeck - - thoughtbot/suspenders - - thoughtbot/shoulda-context - - thoughtbot/appraisal - - thoughtbot/clearance-i18n - - thoughtbot/gold_miner - - thoughtbot/capybara_accessibility_audit - - thoughtbot/upcase - - thoughtbot/ruby-science - - thoughtbot/terraform-flightdeck-aws-application - - thoughtbot/design-system - - thoughtbot/factory_bot_rails - - thoughtbot/bourbon - - thoughtbot/factory_bot - - thoughtbot/ember-cli-rails - - thoughtbot/dotfiles - - thoughtbot/terraform-ses-domain-identity - - thoughtbot/stylelint-config - - thoughtbot/cloudformation-terraform-state-backend - - thoughtbot/humid - - thoughtbot/clearance - - thoughtbot/griddler-sendgrid - - thoughtbot/terraform-aws-secrets - - thoughtbot/yuri-ita - - thoughtbot/paul_revere - - thoughtbot/terraform-eks-cicd - - thoughtbot/terraform-s3-bucket - - thoughtbot/terraform-route-53-delegated-subdomain - - thoughtbot/eslint-config - - thoughtbot/rcm - - thoughtbot/fishery - - thoughtbot/terrapin - - thoughtbot/shoulda - - thoughtbot/laptop - - thoughtbot/resolved - - thoughtbot/griddler - - thoughtbot/climate_control - - thoughtbot/Curry - - thoughtbot/croutons - - thoughtbot/parity + # - thoughtbot/high_voltage + # - thoughtbot/guides + # - thoughtbot/administrate + # - thoughtbot/shoulda-matchers + # - thoughtbot/flightdeck + # - thoughtbot/suspenders + # - thoughtbot/shoulda-context + # - thoughtbot/appraisal + # - thoughtbot/clearance-i18n + # - thoughtbot/gold_miner + # - thoughtbot/capybara_accessibility_audit + # - thoughtbot/upcase + # - thoughtbot/ruby-science + # - thoughtbot/terraform-flightdeck-aws-application + # - thoughtbot/design-system + # - thoughtbot/factory_bot_rails + # - thoughtbot/bourbon + # - thoughtbot/factory_bot + # - thoughtbot/ember-cli-rails + # - thoughtbot/dotfiles + # - 
thoughtbot/terraform-ses-domain-identity + # - thoughtbot/stylelint-config + # - thoughtbot/cloudformation-terraform-state-backend + # - thoughtbot/humid + # - thoughtbot/clearance + # - thoughtbot/griddler-sendgrid + # - thoughtbot/terraform-aws-secrets + # - thoughtbot/yuri-ita + # - thoughtbot/paul_revere + # - thoughtbot/terraform-eks-cicd + # - thoughtbot/terraform-s3-bucket + # - thoughtbot/terraform-route-53-delegated-subdomain + # - thoughtbot/eslint-config + # - thoughtbot/rcm + # - thoughtbot/fishery + # - thoughtbot/terrapin + # - thoughtbot/shoulda + # - thoughtbot/laptop + # - thoughtbot/resolved + # - thoughtbot/griddler + # - thoughtbot/climate_control + # - thoughtbot/Curry + # - thoughtbot/croutons + # - thoughtbot/parity + - thoughtbot/testing-reusable-workflow steps: - name: Trigger Dynamic READMEs to be updated with templates uses: benc-uk/workflow-dispatch@v1 diff --git a/.github/workflows/trigger-dynamic-security-update.yaml b/.github/workflows/trigger-dynamic-security-update.yaml index 08e0044..d0bf030 100644 --- a/.github/workflows/trigger-dynamic-security-update.yaml +++ b/.github/workflows/trigger-dynamic-security-update.yaml @@ -59,11 +59,12 @@ jobs: - thoughtbot/Curry - thoughtbot/croutons - thoughtbot/parity + - thoughtbot/testing-reusable-workflow steps: - name: Trigger Dynamic SECURITYs to be updated with templates uses: benc-uk/workflow-dispatch@v1 with: - workflow: update_security-file + workflow: update-security repo: ${{ matrix.repository }} token: ${{ secrets.PAT_TOKEN }} ref: "main" diff --git a/templates/security.md b/templates/security.md index 2a7bc50..aff44c5 100644 --- a/templates/security.md +++ b/templates/security.md @@ -13,5 +13,3 @@ your reasons so that we can have a better understanding of your situation. For security inquiries or vulnerability reports, visit . - -If you have any suggestions to improve this policy, please send an email to the email address at .
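Review bot: The `repository:` matrix in the README trigger now has all 44 existing repositories commented out and only `thoughtbot/testing-reusable-workflow` active, which reads like a test configuration. Merged as is, README updates would stop being dispatched to every other repository, while the SECURITY trigger in the next file keeps its full list. If this is temporary, restore the list before merging; if it is intentional, delete the commented entries and state the reason in the commit message rather than leaving dead YAML behind.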
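Review bot: The step edited in the SECURITY trigger passes `secrets.PAT_TOKEN` to `benc-uk/workflow-dispatch@v1`, a third-party action referenced by a movable tag, so whatever that tag resolves to at run time receives a personal access token valid across the whole matrix. Pin the action to a reviewed commit, `uses: benc-uk/workflow-dispatch@<full-commit-sha> # v1`, and keep the PAT scoped to the listed repositories and to the permission needed to dispatch workflows. The README trigger hunk above carries the same `uses:` line. Separately, `workflow: update-security` presumably resolves only in repositories that already have a workflow by that name, so check that every repository in the matrix has adopted the new example file before this lands.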