Actions not covered by new allowed rule #724

Closed
5 tasks done
frelon opened this issue May 10, 2024 · 4 comments
Labels: area/security, dependencies (Pull requests that update a dependency file), kind/chore

Comments

@frelon
Contributor

frelon commented May 10, 2024

Taking a quick look through the actions used in this repo vs. what will be allowed, we have the following actions that we will have to either replace or allow:

  • mikefarah/[email protected] .github/actions/chart/action.yaml
  • mikefarah/[email protected] .github/workflows/airgap-test.yaml
  • helm/kind-action@v1 .github/workflows/e2e.yaml
  • ncipollo/release-action@v1 .github/workflows/release-chart.yaml
  • codecov/codecov-action@v4 .github/workflows/unit-tests.yaml
frelon added the kind/chore, area/security and dependencies (Pull requests that update a dependency file) labels May 10, 2024
frelon added this to Elemental May 10, 2024
frelon moved this to 🗳️ To Do in Elemental May 10, 2024
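
One way to run the comparison described in the comment above, as an added example that is not part of the issue thread or the project's code. The allowlist patterns, the workflow fragments and the function names are constructed for illustration, and `fnmatchcase` only approximates how GitHub matches `owner/*` and `owner/repo@ref` patterns.

```python
import re
from fnmatch import fnmatchcase

# Constructed allowlist in the "owner/*" / "owner/repo@ref" pattern style.
# helm/* reflects the approval mentioned in the thread; actions/* is an assumption.
ALLOWED = ["actions/*", "helm/*"]

# Constructed workflow fragments (path -> content), not the repository's real files.
WORKFLOWS = {
    ".github/workflows/e2e.yaml": """\
steps:
  - uses: actions/checkout@v4
  - uses: helm/kind-action@v1
  - uses: ./.github/actions/chart
""",
    ".github/workflows/unit-tests.yaml": """\
steps:
  - name: Upload coverage
    uses: "codecov/codecov-action@v4"  # coverage upload
""",
    ".github/workflows/release-chart.yaml": """\
steps:
  # uses: old/disabled-action@v1
  - uses: ncipollo/release-action@v1
""",
}

# Matches "uses: ref" or "- uses: ref", with optional quotes; stops before a comment.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")

def find_uses(text):
    """Return every `uses:` reference in a workflow, skipping commented-out lines."""
    return [m.group(1) for line in text.splitlines() if (m := USES_RE.match(line))]

def uncovered(workflows, allowed):
    """Return sorted (reference, path) pairs that no allowlist pattern covers."""
    hits = set()
    for path, text in workflows.items():
        for ref in find_uses(text):
            if ref.startswith("./"):  # local action, resolved inside the repo itself
                continue
            if not any(fnmatchcase(ref, pat) for pat in allowed):
                hits.add((ref, path))
    return sorted(hits)

if __name__ == "__main__":
    for ref, path in uncovered(WORKFLOWS, ALLOWED):
        print(f"{ref}\t{path}")
```

Against a real checkout, the `WORKFLOWS` mapping would be filled from the files under `.github/workflows/` and `.github/actions/`, and every reported pair is an action to replace or to submit for approval.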
@anmazzotti
Contributor

Seems that everything under helm/ got approved: https://github.com/rancher/security-team/issues/738#issuecomment-2110440742

@anmazzotti
Contributor

Codecov still under evaluation: https://github.com/rancher/security-team/issues/728

I'd keep it meanwhile since I think it's pretty useful.

@anmazzotti
Contributor

Codecov action is approved, but the feedback is quite negative.
Probably it's for the best to remove it to avoid issues in the future:

anmazzotti moved this from 🗳️ To Do to 👀 Needs review in Elemental May 24, 2024
anmazzotti self-assigned this May 24, 2024
@anmazzotti
Contributor

All good now, closing this issue.

github-project-automation bot moved this from 👀 Needs review to ✅ Done in Elemental May 27, 2024