[bisq-network/bisq] CI Security: Use Github actions via sha1 (not tags) and keep them updated via dependabot (PR #5943)

Daniel Bast notifications at github.com
Thu Dec 30 09:56:59 CET 2021


Tags are mutable and can change unexpectedly. Referencing actions via sha1 is more secure in that regard. Dependabot helps to automatically update to newer versions without the need to manually deal with sha1s.

Merging the PR opens update PRs similar to those shown here: https://github.com/dbast/bisq/pulls

Each update PR lists the according changes to each action and allows giving instructions to dependabot via e.g. `@dependabot ignore this major version`.

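The check a maintainer would want alongside this change is a lint that flags any `uses:` reference in a workflow that still points at a mutable tag or branch, and any SHA pin that lacks the trailing `# vX.Y.Z` comment Dependabot relies on to track the version. The script below is an added example, not code from the PR or the bisq project; the workflow text it scans is constructed for the demo (the all-zeros and all-ones SHAs are placeholders, not real commits), and the bisq `build.yml` itself is not reproduced here.

```python
import re
from dataclasses import dataclass

# Constructed sample workflow (not the bisq build.yml from the PR): one step
# referenced by a mutable tag, one pinned to a full commit SHA with a version
# comment, one pinned to a SHA without the comment, and one local action.
# The SHAs are placeholders for the example, not real commits.
SAMPLE_WORKFLOW = """\
name: build
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-java@0000000000000000000000000000000000000000 # v2.5.0
      - uses: actions/cache@1111111111111111111111111111111111111111
      - uses: ./.github/actions/local-step
"""

# Matches step-level ("- uses:") and job-level ("uses:" for reusable workflows)
# references, capturing the target and any trailing comment.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*(?P<target>[^\s#]+)\s*(?:#\s*(?P<comment>.*))?$"
)
SHA_RE = re.compile(r"[0-9a-f]{40}")


@dataclass(frozen=True)
class Finding:
    line: int
    target: str
    problem: str


def is_sha_pinned(ref: str) -> bool:
    """True when the ref after '@' is a full 40-hex commit SHA."""
    return SHA_RE.fullmatch(ref) is not None


def find_unpinned_uses(workflow_text: str) -> list[Finding]:
    """Scan workflow YAML line by line and report references that are not
    immutable, or that are pinned but carry no version comment."""
    findings: list[Finding] = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        # Local actions ("./path") and docker:// images are outside this check.
        if "@" not in target or target.startswith("docker://"):
            continue
        _action, ref = target.rsplit("@", 1)
        if not is_sha_pinned(ref):
            findings.append(Finding(
                lineno, target,
                "mutable reference (tag or branch); pin to a full commit SHA",
            ))
        elif not (m.group("comment") or "").strip():
            findings.append(Finding(
                lineno, target,
                "SHA-pinned but missing the '# vX.Y.Z' comment Dependabot uses "
                "to track the version",
            ))
    return findings


if __name__ == "__main__":
    for f in find_unpinned_uses(SAMPLE_WORKFLOW):
        print(f"line {f.line}: {f.target}: {f.problem}")
```

Run against the constructed sample, the lint reports line 7 (`actions/checkout@v2`, a mutable tag) and line 9 (pinned, but no version comment); line 8 is the form this PR moves the project to. The PR's six-line `.github/dependabot.yml` is listed but not shown on the page; the standard shape for this purpose is a `version: 2` file with one `updates` entry whose `package-ecosystem` is `github-actions`, `directory` is `/` and `schedule.interval` is set, which is what makes Dependabot open the SHA-bump PRs described above.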

You can view, comment on, or merge this pull request online at:

  https://github.com/bisq-network/bisq/pull/5943

-- Commit Summary --

  * Use Github actions via sha1 (not tags) and keep them updated via dependabot

-- File Changes --

    A .github/dependabot.yml (6)
    M .github/workflows/build.yml (6)

-- Patch Links --

https://github.com/bisq-network/bisq/pull/5943.patch
https://github.com/bisq-network/bisq/pull/5943.diff
