Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: (deps) TSCCR Actions Pinning #12507

Merged
merged 1 commit into from
Jul 19, 2023
Merged

chore: (deps) TSCCR Actions Pinning #12507

merged 1 commit into from
Jul 19, 2023

Conversation

hashicorp-tsccr[bot]
Copy link
Contributor

This PR was auto-generated by hashicorp/security-tsccr/actions/runs/5585651165

You can alter the configuration of this automation via the hcl config in hashicorp/security-tsccr/automation

This is in support of RFC SEC-090 which is due to be implemented by EOQ2 FY24.

Please do the following:

  • Approve and merge this PR if you are happy with the changes.
  • Check if there are any untrusted third-party Actions in the workflow files and onboard them to the TSCCR.
  • The yaml comments "# TSCCR: no entry for repository..." or "# TSCCR: no version of..." in the workflow files identifies an untrusted Action.
  • If you have to onboard any third-party Actions, update and pin your workflows using the tsccr-helper tool after the Actions have been onboarded OR reach out to #team-prodsec and we can run this automation again.
  • Verify that your Actions are still working as expected after pinning.

Please reach out to #team-prodsec if you have any questions.

@hashicorp-tsccr hashicorp-tsccr bot requested a review from a team July 18, 2023 09:22
@hashicorp-tsccr hashicorp-tsccr bot requested a review from a team as a code owner July 18, 2023 09:22
@hashicorp-tsccr hashicorp-tsccr bot added the SEC-090 Auto-pinning label Jul 18, 2023
nywilken
nywilken approved these changes Jul 19, 2023
View reviewed changes
Copy link
Contributor

@nywilken nywilken left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - we have an open PR to add in the untrusted Actions.

@nywilken nywilken merged commit 0194d83 into main Jul 19, 2023
@nywilken nywilken deleted the tsccr-auto-pinning/trusted/2023-07-18 branch July 19, 2023 17:20
This was referenced Jul 24, 2023
Closed
Closed
@nywilken nywilken added the tech-debt Issues and pull requests related to addressing technical debt or improving the codebase label Aug 16, 2023
genx7up pushed a commit to aweps/packer that referenced this pull request Aug 28, 2023
@hashicorp-tsccr @genx7up
Result of tsccr-helper -log-level=info -pin-all-workflows . (hashicor…
0b1a7e6 
…p#12507)

Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 16, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@nywilken nywilken nywilken approved these changes

@modrake modrake Awaiting requested review from modrake

@emilymianeil emilymianeil Awaiting requested review from emilymianeil

Assignees
No one assigned
Labels
SEC-090 Auto-pinning tech-debt Issues and pull requests related to addressing technical debt or improving the codebase
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@nywilken