π§ D: DOCUMENT β Problem & Opportunity
What is the problem, limitation, or opportunity? Why does this matter for SKaiNET?
Explain the context in clear terms:
- What functionality is missing or insufficient?
- Why is this important now?
- Who benefits (users, developers, researchers)?
- What is the high-level goal of this proposal?
Currently, almost all workflows use tags to pin their actions. This is a potential security vulnerability, against best practises, and lowers the OpenSSF Score. We therefore want to pin them with their commit hashes instead.
Summary (1β2 sentences):
Provide a concise overview of what this issue aims to address.
This issue addresse the potential security threat caused by actions pinned with tags.
π A: ASSESS β Feasibility & Impact
Provide an evaluation of the proposal. Address the following:
βοΈ Feasibility
- Is the feature straightforward to implement?
- Are there architectural constraints?
It is straightforward to switch from pinned tags to pinned commit hashes.
βοΈ Expected Impact
- How does this improve SKaiNET?
- Does it unlock new capabilities?
It improves SKaiNET by improving it's security.
βοΈ Risks / Constraints
- Technical challenges?
- Numerical stability concerns?
- API consistency?
None.
βοΈ Dependencies
- Does this rely on an existing SKaiNET module?
- Does it require third-party libraries or standards?
None.
π R: RESEARCH β What Must Be Understood First?
Document research tasks or open questions that must be answered before implementation:
Research Tasks
Not applicable.
Open Questions
List unknowns that contributors should discuss or resolve.
There are no open questions.
π οΈ C: CODE β Implementation Plan
Break down actionable steps required to deliver this feature:
Development Tasks
Acceptance Criteria
π¬ Additional Notes
Add diagrams, pseudo-code, references, or implementation notes that may help future contributors.
π§ D: DOCUMENT β Problem & Opportunity
What is the problem, limitation, or opportunity? Why does this matter for SKaiNET?
Explain the context in clear terms:
Currently, almost all workflows use tags to pin their actions. This is a potential security vulnerability, against best practises, and lowers the OpenSSF Score. We therefore want to pin them with their commit hashes instead.
Summary (1β2 sentences):
This issue addresse the potential security threat caused by actions pinned with tags.
π A: ASSESS β Feasibility & Impact
Provide an evaluation of the proposal. Address the following:
βοΈ Feasibility
It is straightforward to switch from pinned tags to pinned commit hashes.
βοΈ Expected Impact
It improves SKaiNET by improving it's security.
βοΈ Risks / Constraints
None.
βοΈ Dependencies
None.
π R: RESEARCH β What Must Be Understood First?
Document research tasks or open questions that must be answered before implementation:
Research Tasks
Not applicable.
Open Questions
There are no open questions.
π οΈ C: CODE β Implementation Plan
Break down actionable steps required to deliver this feature:
Development Tasks
build.ymldocs.ymldocumentation.ymlengine-benchmarks.ymljava-tests.ymlnative-cpu-multiarch.ymlpublish.ymlschema-validation.ymlverify-poms.ymlAcceptance Criteria
build.ymlruns throughdocs.ymlruns throughdocumentation.ymlruns throughengine-benchmarks.ymlruns throughjava-tests.ymlruns throughnative-cpu-multiarch.ymlruns throughpublish.ymlruns throughschema-validation.ymlruns throughverify-poms.ymlruns through㪠Additional Notes