Commit Graph

23 Commits

Author SHA1 Message Date
dependabot[bot]
beadd56dd7 chore(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.0 (#13440)
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.1.4 to 2.2.0.
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](6701853927...7e473efe3c)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-23 22:37:35 +01:00
dependabot[bot]
18d0a63df8 chore(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2 (#13414)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-09 20:03:00 +01:00
Marc Cornellà
242e2faa51 ci: improve security in project.yml workflow (#13329)
There is no inherent security vulnerability in the workflow, but there were
certain practices that increased latent risk. In this commit, we:

- Explicitly bind app token for each step that needs it, instead of setting it for
  all steps after "Store app token"
- Refactor "classify" step to not rely on files passed around, and instead use
  only an awk script.
- Remove all instances of template injection within `run` scripts. There was nothing
  dangerous, but the practice is unsafe.
- Sanitize all unwanted characters from PR plugin and theme names.

References: W2M1-06 W2M1-07
2025-09-27 20:00:50 +02:00
StepSecurity Bot
7f3d8a34e2 ci: Harden GitHub Actions [StepSecurity] (#13318) 2025-09-19 17:30:10 +02:00
Carlo Sala
5c804257ce ci: use actions/create-github-app-token (#13233) 2025-07-28 19:20:50 +02:00
Carlo Sala
544eb17e33 ci(project): use ohmyzsh's bot credentials 2023-12-28 21:21:39 +01:00
Marc Cornellà
1342459b15 ci: fix update of plugin or theme fields
See [1] for the reference of value field (ProjectV2FieldValue type),
and [2] for sample application code.

[1] https://docs.github.com/en/graphql/reference/input-objects#projectv2fieldvalue
[2] https://docs.github.com/en/enterprise-cloud@latest/issues/planning-and-tracking-with-projects/automating-your-project/automating-projects-using-actions#example-workflow-authenticating-with-a-github-app
2022-11-04 19:16:54 +01:00
Lennart Ochel
239e2f9fcd ci: migrate to ProjectV2 GraphQL API (#11311) 2022-11-03 18:30:30 +01:00
Alex
065f5ffc5a ci: harden permissions for GitHub Workflows (#11174)
* build: harden main.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden project.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>

* Update project.yml

The permissions are not necessary, because a separate token is used `GITHUB_TOKEN: ${{ secrets.PROJECT_TOKEN }}`
2022-10-07 14:39:00 +02:00
Marc Cornellà
4d9e5ce9a7 ci(project): sort issues and PRs when reopened 2022-04-04 21:40:08 +02:00
Marc Cornellà
ebfd7cb219 ci: cancel current runs on new trigger 2022-02-21 19:27:21 +01:00
Marc Cornellà
b481955761 ci(project): fix .list files not found error 2022-01-11 23:40:33 +01:00
Marc Cornellà
0ca2e48ee8 ci(project): fix gh pr view call to use ohmyzsh repository 2022-01-10 17:22:31 +01:00
Marc Cornellà
63345c4e5d ci: disable GitHub Actions on forks 2022-01-03 13:10:53 +01:00
Marc Cornellà
512839ef78 chore: simplify project GitHub Action 2022-01-03 13:08:29 +01:00
Marc Cornellà
9dd1dc49d9 chore: simplify GITHUB_TOKEN env in project GitHub Action 2022-01-03 12:32:37 +01:00
Marc Cornellà
121ee818a5 chore: I'm dumb af 2022-01-02 03:37:16 +01:00
Marc Cornellà
dd7f0f2211 chore: let's try again 2022-01-02 03:32:48 +01:00
Marc Cornellà
17c52ccfc9 chore: look ma no auth! 2022-01-02 03:27:25 +01:00
Marc Cornellà
861e7e24a3 chore: please work 2022-01-02 03:19:46 +01:00
Marc Cornellà
1d35b30461 chore: fix auth in Project tracking Action 2022-01-02 03:17:40 +01:00
Marc Cornellà
95a66532d1 chore: use GITHUB_TOKEN auth for Project Beta GitHub Action 2022-01-02 03:09:52 +01:00
Marc Cornellà
d1c07f9569 chore: add Projects Beta GitHub Action 2022-01-02 02:30:00 +01:00