Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: sync workflows from central-workflows #139

Open
wants to merge 3 commits into
base: dev
Choose a base branch
from
Open

ci: sync workflows from central-workflows #139

wants to merge 3 commits into from

Conversation

scott45
Copy link
Collaborator

@scott45 scott45 commented Dec 2, 2024

This PR syncs workflows from the central-workflows repository. Signed-off-by: Scott busingescott@gmail.com

@github-actions github-actions bot added the CI/CD label Dec 2, 2024
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

5 similar comments
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 2, 2024
View reviewed changes
.github/workflows/dco-check.yml
@@ -0,0 +1,57 @@
# SPDX-License-Identifier: Apache-2.0

Check notice

Code scanning / Checkov (reported by Codacy)

Ensure top-level permissions are not set to write-all Note

Ensure top-level permissions are not set to write-all
.github/workflows/dco-check.yml
with:
fetch-depth: 0 # Fetch all history for all branches to ensure complete commit history is available

- name: Set up environment variables

Check notice

Code scanning / Checkov (reported by Codacy)

Ensure run commands are not vulnerable to shell injection Note

Ensure run commands are not vulnerable to shell injection
.github/workflows/gpg-verify.yml
runs-on: ubuntu-latest # Use the latest Ubuntu runner for the job
steps:
- uses: actions/checkout@v4 # Checkout the repository code using the actions/checkout action
with:
fetch-depth: 0 # Fetch all history for all branches to ensure we have the full commit history

- name: Set up environment variables

Check notice

Code scanning / Checkov (reported by Codacy)

Ensure run commands are not vulnerable to shell injection Note

Ensure run commands are not vulnerable to shell injection
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 2, 2024
View reviewed changes
.github/workflows/dco-check.yml
fetch-depth: 0 # Fetch all history for all branches to ensure complete commit history is available

- name: Set up environment variables
run: |

Check failure

Code scanning / Semgrep (reported by Codacy)

Using variable interpolation ${{...}} with github context data in a run: step could allow an attacker to inject their own code into the runner. Error

Using variable interpolation ${...} with github context data in a run: step could allow an attacker to inject their own code into the runner.
.github/workflows/gpg-verify.yml
runs-on: ubuntu-latest # Use the latest Ubuntu runner for the job
steps:
- uses: actions/checkout@v4 # Checkout the repository code using the actions/checkout action
with:
fetch-depth: 0 # Fetch all history for all branches to ensure we have the full commit history

- name: Set up environment variables
run: |

Check failure

Code scanning / Semgrep (reported by Codacy)

Using variable interpolation ${{...}} with github context data in a run: step could allow an attacker to inject their own code into the runner. Error

Using variable interpolation ${...} with github context data in a run: step could allow an attacker to inject their own code into the runner.
.github/workflows/milestone.yml

# Step to set up environment variables required for the script.
- name: Set up environment variables
run: |

Check failure

Code scanning / Semgrep (reported by Codacy)

Using variable interpolation ${{...}} with github context data in a run: step could allow an attacker to inject their own code into the runner. Error

Using variable interpolation ${...} with github context data in a run: step could allow an attacker to inject their own code into the runner.
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 2, 2024
View reviewed changes
.github/workflows/release.yml
uses: actions/setup-node@v3
- name: Get Last Merged PR
id: get_merged_pr
uses: actions-ecosystem/action-get-merged-pull-request@v1

Check warning

Code scanning / Semgrep (reported by Codacy)

An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Warning

An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
CI/CD
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@scott45