#github-actions (2019-12)

Discussions related to GitHub Actions

2019-12-04

jedineeper avatar
jedineeper
10:26:32 AM

@jedineeper has joined the channel

2019-12-19

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
10:43:04 PM

https://github.blog/changelog/2019-12-19-github-actions-the-runner-is-now-open-sourced

GitHub Actions: The Runner is now open sourced - The GitHub Blogattachment image

The GitHub Actions Runner is now open sourced. File issues and contribute to one of the most important components of GitHub Actions directly at: https://github.com/actions/runner The Runner is the application that runs a job from

Pierre Humberdroz avatar
Pierre Humberdroz
10:59:27 PM

I wish they would just add approval gates.

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
11:35:29 PM

Yes, agreed. I haven’t found the best way to do this. What I’ve seen so far is to use labels, but there’s no good way to restrict who can add labels if someone has write permission.

2019-12-20

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
05:22:15 PM

https://julienrenaux.fr/2019/12/20/github-actions-security-risk/

Use GitHub actions at your own riskattachment image

Malicious code can be inserted into any GitHub action, even those which are tagged.

Pierre Humberdroz avatar
Pierre Humberdroz
05:30:59 PM

it is the same with helm charts and others .. nothing new but still worth a read

Use GitHub actions at your own riskattachment image

Malicious code can be inserted into any GitHub action, even those which are tagged.

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
05:33:38 PM

Ya true

    keyboard_arrow_up