Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(ci): enforce zero trust for third party workflows #2215

Merged
merged 12 commits into from
May 5, 2023
Merged

chore(ci): enforce zero trust for third party workflows #2215

merged 12 commits into from
May 5, 2023

Conversation

heitorlessa
Copy link
Contributor

Issue number: #2207

Summary

Remove allow_list from workflow that enforces 3rd party actions to be pinned. Addressed shellcheck issues that weren't identified earlier due to being in allow list.

Changes

Please provide a summary of what's being changed

User experience

Please share what the user experience looks like before and after this change

Checklist

If your change doesn't seem to apply, please leave them unchecked.

Is this a breaking change?

RFC issue number:

Checklist:

  • Migration process documented
  • Implement warnings (if it can live side by side)

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

@heitorlessa heitorlessa requested a review from a team as a code owner May 5, 2023 11:05
@heitorlessa heitorlessa requested review from leandrodamascena and removed request for a team May 5, 2023 11:05
@boring-cyborg boring-cyborg bot added the github-actions Pull requests that update Github_actions code label May 5, 2023
@pull-request-size pull-request-size bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label May 5, 2023
@heitorlessa heitorlessa linked an issue May 5, 2023 that may be closed by this pull request
Remove allow list from untrusted workflows #2207
Closed
@github-actions github-actions bot added the internal Maintenance changes label May 5, 2023
leandrodamascena
leandrodamascena requested changes May 5, 2023
View reviewed changes
Copy link
Contributor

@leandrodamascena leandrodamascena left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't checked the hash of the images if it matches the version informed, but it all looks great to me.

.github/workflows/codeql-analysis.yml Outdated Show resolved Hide resolved
.github/workflows/codeql-analysis.yml Outdated Show resolved Hide resolved
heitorlessa and others added 2 commits May 5, 2023 15:33
@heitorlessa @leandrodamascena
chore: leandro feedback
b09854b 
Co-authored-by: Leandro Damascena <leandro.damascena@gmail.com>
Signed-off-by: Heitor Lessa <lessa@amazon.nl>
@heitorlessa @leandrodamascena
chore: leandro feedback
0e0dedc 
Co-authored-by: Leandro Damascena <leandro.damascena@gmail.com>
Signed-off-by: Heitor Lessa <lessa@amazon.nl>
leandrodamascena
leandrodamascena approved these changes May 5, 2023
View reviewed changes
Copy link
Contributor

@leandrodamascena leandrodamascena left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

image

@heitorlessa
Copy link
Contributor Author

testing nudge before merging

Sent from Neat

@heitorlessa heitorlessa merged commit b7acc21 into aws-powertools:develop May 5, 2023
3 checks passed
@heitorlessa heitorlessa deleted the chore/pin-all-third-party-actions branch May 5, 2023 13:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leandrodamascena leandrodamascena leandrodamascena approved these changes

Assignees
No one assigned
Labels
github-actions Pull requests that update Github_actions code internal Maintenance changes size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove allow list from untrusted workflows
2 participants
@heitorlessa @leandrodamascena