Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add an GitHub workflow to make sure GH Actions are pinned #323

Open
llucax opened this issue Nov 7, 2024 · 0 comments
Open

Add an GitHub workflow to make sure GH Actions are pinned #323

llucax opened this issue Nov 7, 2024 · 0 comments
Labels
part:ci Affects the GitHub workflow and other parts for running CI part:template Affects the cookiecutter template files type:enhancement New feature or enhancement visitble to users
Milestone
v0.12.0

Comments

@llucax
Copy link
Contributor

llucax commented Nov 7, 2024
edited
Loading

What's needed?

For security reasons, it is always better if we pin GitHub actions coming from third parties, specially those that are not big companies with a lot of resources to prevent hacks.

Proposed solution

Add a workflow using this action to test that actions are pinned:
@llucax llucax added part:ci Affects the GitHub workflow and other parts for running CI part:template Affects the cookiecutter template files type:enhancement New feature or enhancement visitble to users labels Nov 7, 2024
@llucax llucax added this to the v0.11.0 milestone Nov 7, 2024
@llucax llucax modified the milestones: v0.11.0, v0.12.0 Nov 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
part:ci Affects the GitHub workflow and other parts for running CI part:template Affects the cookiecutter template files type:enhancement New feature or enhancement visitble to users
Projects
None yet
Milestone
v0.12.0
Development

No branches or pull requests
1 participant
@llucax