Skip to content

Update pull_request_template.md #451

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ethomson merged 3 commits into from
Apr 6, 2020
Merged

Update pull_request_template.md #451

ethomson merged 3 commits into from
Apr 6, 2020

Conversation

@ethomson
Copy link
Contributor

@ethomson ethomson commented Apr 3, 2020

Update the pull request template with stylistic and policy changes.

@andymckay andymckay requested a review from iheanyi April 6, 2020 16:13
iheanyi
iheanyi approved these changes Apr 6, 2020
View reviewed changes
Copy link

@iheanyi iheanyi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM @ethomson, thanks for adding this!

eregon
eregon reviewed Apr 6, 2020
View reviewed changes
.github/pull_request_template.md
- [ ] Does not use a paid service or product.
- [ ] This workflow must only use actions that are produced by GitHub, [in the `actions` organization](https://github.com/actions), **or**

This workflow must only use actions that are produced by the language or ecosystem that the workflow supports. These actions must be [published to the GitHub Marketplace](https://github.com/marketplace?type=actions). Workflows using these actions must reference the action using the full 40 character hash of the action's commit instead of a tag. Additionally, workflows must include the following comment at the top of the workflow file:
Copy link
Contributor

@eregon eregon Apr 6, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Workflows using these actions must reference the action using the full 40 character hash of the action's commit instead of a tag.

I think that part is problematic, see #448 (comment)

Copy link
Contributor Author

@ethomson ethomson Apr 6, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed, there are tradeoffs here. Given that we're running actions from third parties, we want to maximize the security for the ecosystem. Right now this means 40 character hashes. We're working on other solutions, but this is the safest mechanism at the moment.

@ethomson ethomson merged commit 93e77af into master Apr 6, 2020
@ethomson ethomson deleted the ethomson/template_template branch April 6, 2020 18:28
@eregon eregon mentioned this pull request Apr 6, 2020
Merged
8 tasks
This was referenced Jun 17, 2020
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@eregon eregon eregon left review comments

@iheanyi iheanyi iheanyi approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ethomson @eregon @iheanyi @Moj35