github/docs
OIDC examples don't pin external actions (& don't declare them)
Open
#34316 opened on Aug 15, 2024
Labels: SME reviewed, actions, content, help wanted, never-stale
Description
Code of Conduct
- I have read and agree to the GitHub Docs project's Code of Conduct
What article on docs.github.com is affected?
- https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform#requesting-the-access-token
- https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
- https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-azure#requesting-the-access-token
- https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault#requesting-the-access-token
- https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-pypi#updating-your-github-actions-workflow
What part(s) of the article would you like to see updated?
```yaml
steps:
  - id: 'auth'
    name: 'Authenticate to GCP'
    uses: 'google-github-actions/auth@v0.3.1'
    with:
```
should pin a hash instead; also, the reusable disclaiming 3rd-party usage should be added.
Additional information
This is analogous for all the pages mentioned, for both # Requesting and # Revoking examples.
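
A check for the pinning gap this issue reports, added here as an example (not code from the github/docs repository or from the issue author): it scans workflow text for `uses:` references that are not pinned to a full-length commit SHA, or to a digest for `docker://` images. The sample workflow, `example-org/example-action`, its placeholder SHA and the `FIRST_PARTY_OWNERS` set are constructed assumptions.

```python
import re

# Assumption: owners treated as first-party; everything else is flagged as third-party.
FIRST_PARTY_OWNERS = {"actions", "github"}
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")

# Constructed sample workflow; the 40-character SHA is a placeholder, not a real commit.
SAMPLE = """\
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - id: 'auth'
        name: 'Authenticate to GCP'
        uses: 'google-github-actions/auth@v0.3.1'
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567  # v1.2.3
      - uses: ./.github/actions/local-step
"""


def classify(ref):
    """Return 'local', 'pinned' or 'unpinned' for one `uses:` value."""
    if ref.startswith("./"):
        return "local"  # same-repository action, versioned with the workflow itself
    _, _, version = ref.partition("@")
    if ref.startswith("docker://"):
        return "pinned" if DIGEST_RE.match(version) else "unpinned"
    # Tags and branches are mutable; only a full commit SHA is immutable.
    return "pinned" if FULL_SHA_RE.match(version) else "unpinned"


def find_unpinned(workflow_text):
    """Return (line_number, ref, is_third_party) for each mutable `uses:` reference."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m and classify(m.group(1)) == "unpinned":
            owner = m.group(1).split("/", 1)[0]
            findings.append((lineno, m.group(1), owner not in FIRST_PARTY_OWNERS))
    return findings


if __name__ == "__main__":
    for lineno, ref, third_party in find_unpinned(SAMPLE):
        print(f"line {lineno}: {ref} not pinned to a SHA (third-party: {third_party})")
```

The same line-based match also covers job-level `uses:` references to reusable workflows.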