git.99rst.org / roundcube-roundcubemail-docker.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: beb772d)
Pin GitHub Actions to specific commits
authorPablo Zmdl <redacted>
Thu, 3 Apr 2025 12:03:03 +0000 (14:03 +0200)
committerPablo Zmdl <redacted>
Thu, 3 Apr 2025 12:04:39 +0000 (14:04 +0200)
commit54ec9f134557aa2806cb4804f5fe9d417faec6cd
tree759776adbb3f5527921f071822c658e28d7b0977tree | snapshot
parentbeb772d0ca96cc0d70fee139ff6e8a729c14c32fcommit | diff
Pin GitHub Actions to specific commits

This is motivated by a recent case in which a github action was
compromised and manipulated tags to point to malicious code <https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised>.
.github/workflows/bot-create-manual-reminder.yml diff | blob | history
.github/workflows/bot-manual-reminder.yml diff | blob | history
.github/workflows/bot-remind-stale-pull-requests.yml diff | blob | history
.github/workflows/build-and-publish-nightly.yml diff | blob | history
.github/workflows/build.yml diff | blob | history
.github/workflows/test.yml diff | blob | history
.github/workflows/update-sh.yml diff | blob | history
git clone https://git.99rst.org/PROJECT