Replace build-autotriage action version number with SHA #3597

Merged
merged 1 commit into from
Jan 8, 2024

@Haroon-Khel Haroon-Khel commented Jan 4, 2024

ref https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions

For the JasonEtco/create-an-issue action, the commit points to JasonEtco/create-an-issue@e27dddc. Bit odd looking, just a lot of deleted files.

And though the commit says "This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.", this tag is the same as the release v2.9.1 which is verified.

@Haroon-Khel Haroon-Khel requested review from sxa and adamfarley January 4, 2024 11:41

@sxa sxa left a comment

Ref: TOB-TEMURIN-15
Noting that while the github actions repository itself (as opposed to a third-party one) is likely safe without a SHA, it's always less of a risk to pin it properly :-)
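One way to check a workflow for the pinning discussed above, as an added example that is not part of this pull request or the project's code: it flags every `uses:` reference that is not a full 40-character commit SHA and labels the owner as first-party or third-party. The workflow text, the `example-org/example-action` name and its SHA are constructed, and treating the `actions` and `github` owners as first-party is an assumption.

```python
import re

# Captures the value of a step's `uses:` key, stopping before any trailing comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
FIRST_PARTY_OWNERS = ("actions", "github")  # assumption made for this example

# Constructed workflow; the 40-hex SHA below is a placeholder, not a real commit.
SAMPLE = """\
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: JasonEtco/create-an-issue@v2.9.1
      - uses: JasonEtco/create-an-issue@e27dddc
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # v1.0.0
      - uses: ./.github/actions/local-step
"""

def classify(ref):
    """Return 'local', 'pinned' or 'unpinned' for one `uses:` value."""
    if ref.startswith("./"):
        return "local"  # action from the same repository checkout
    if ref.startswith("docker://"):
        return "pinned" if "@sha256:" in ref else "unpinned"
    _, _, rev = ref.partition("@")
    # Tags, branches and abbreviated SHAs all count as unpinned.
    return "pinned" if FULL_SHA_RE.match(rev) else "unpinned"

def audit(workflow_text):
    """Return (line number, reference, party) for each unpinned action."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group(1)
        if classify(ref) == "unpinned":
            owner = ref.split("/", 1)[0]
            party = "first-party" if owner in FIRST_PARTY_OWNERS else "third-party"
            findings.append((lineno, ref, party))
    return findings

if __name__ == "__main__":
    for lineno, ref, party in audit(SAMPLE):
        print(f"line {lineno}: {ref} ({party}) is not pinned to a full commit SHA")
```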

karianna commented Jan 4, 2024

@Haroon-Khel are you able to rebase to pick up the labeler fix?

@Haroon-Khel

@karianna Which fix? I tried rebasing but the branch is already up to date

@adamfarley adamfarley left a comment

LGTM - Thanks Haroon!

sxa commented Jan 8, 2024

> @karianna Which fix? I tried rebasing but the branch is already up to date

I'm guessing this is related to adoptium/ci-jenkins-pipelines#855 in the pipelines repository, but it seems likely that we need something similar in here.

karianna commented Jan 8, 2024

> > @karianna Which fix? I tried rebasing but the branch is already up to date
>
> I'm guessing this is related to adoptium/ci-jenkins-pipelines#855 in the pipelines repository, but it seems likely that we need something similar in here.

Correct, I've submitted #3601 to resolve this.

@karianna karianna merged commit a352e08 into adoptium:master Jan 8, 2024
6 of 7 checks passed