Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Harden github workflow against injection #1495

Merged
merged 4 commits into from
Aug 14, 2024
Merged

Harden github workflow against injection #1495

merged 4 commits into from
Aug 14, 2024

Conversation

lukaw3d
Copy link
Member

@lukaw3d lukaw3d commented Aug 9, 2024

No description provided.

@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 9, 2024
edited
Loading

Deployed to Cloudflare Pages

Latest commit: 9a33dc70f47cce12f4c7fcc7528e7927924404c9
Status:✅ Deploy successful!
Preview URL: https://6233757b.oasis-explorer.pages.dev

@lukaw3d lukaw3d force-pushed the lw/harden-gh-actions branch from 3f2c7c2 to 3adb610 Compare August 9, 2024 21:26
lubej
lubej approved these changes Aug 12, 2024
View reviewed changes
.github/workflows/ci-renovate.yml
# Set git user email and name to match author of the last commit.
git config --local user.email "$(git log --pretty='%ae' -1)"
git config --local user.name "$(git log --pretty=format:'%an' -1)"
git add ${{ steps.vars.outputs.FILE_NAME }}
git add "$FILE_NAME"
git commit --amend --no-edit
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure who is the owner of git add here, but I would prefer it was another commit. As who ever the owner is, will be the co-author of the commit - and it would be just cleaner, to see which changes were made by this workflow - the downside is useless commit though.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this only runs against renovate-bot's commit; and it is currently always failing. I'll leave it :D

@lukaw3d lukaw3d force-pushed the lw/harden-gh-actions branch from d77184a to 9a33dc7 Compare August 14, 2024 03:41
@lukaw3d lukaw3d merged commit ddf3352 into master Aug 14, 2024
8 checks passed
@lukaw3d lukaw3d deleted the lw/harden-gh-actions branch August 14, 2024 03:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lubej lubej lubej approved these changes

@buberdds buberdds Awaiting requested review from buberdds buberdds is a code owner

@csillag csillag Awaiting requested review from csillag csillag is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lukaw3d @lubej