Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide configuration to handle non-public repositories #30

Merged
merged 2 commits into from
Feb 2, 2022
Merged

Provide configuration to handle non-public repositories #30

merged 2 commits into from
Feb 2, 2022

Conversation

mcdonnnj
Copy link
Member

@mcdonnnj mcdonnnj commented Feb 2, 2022

🗣 Description

This pull request adds controls to manage interactions with non-public repositories. These controls manage whether or not non-public repositories should be processed and if non-public repositories are processed if their names should be masked in the GitHub Actions log output.

💭 Motivation and context

Blindly processing non-public repositories can lead to unintended information leakage. This also mirrors functionality added in cisagov/action-lineage#38.

🧪 Testing

Automated tests pass.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.

@mcdonnnj
Add controls for non-public repositories
c828ab4 
This mirrors the controls added to cisagov/action-lineage to manage
non-public repository processing and log visibility.
@mcdonnnj
Update logging configuration
5ec55b1 
Use the logging library's built-in value for the INFO log level. Set
logging to output to stdout instead of the default of stderr. This
change is necessary for logging output to be grouped correctly when
running on a GitHub Actions runner.
@mcdonnnj mcdonnnj added the improvement This issue or pull request will add or improve functionality, maintainability, or ease of use label Feb 2, 2022
@mcdonnnj mcdonnnj self-assigned this Feb 2, 2022
dav3r
dav3r approved these changes Feb 2, 2022
View reviewed changes
Copy link
Member

@dav3r dav3r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 🔐

@jsf9k
Copy link
Member

jsf9k commented Feb 2, 2022

FYI, none of the checks appear to be required in this repo.

@mcdonnnj mcdonnnj merged commit f5c4906 into v1.0.0 Feb 2, 2022
@mcdonnnj mcdonnnj deleted the improvement/handle_non-public_repos branch February 2, 2022 18:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jsf9k jsf9k jsf9k approved these changes

@dav3r dav3r dav3r approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

Assignees

@mcdonnnj mcdonnnj

Labels
improvement This issue or pull request will add or improve functionality, maintainability, or ease of use
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mcdonnnj @jsf9k @dav3r