
feat(cr_booster): add GHA workflow #660

Closed
wants to merge 2 commits into from

Conversation


@jurajpiar jurajpiar commented Feb 10, 2025


github-actions bot commented Feb 10, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

| Package | Version | Score |
|---|---|---|
| actions/actions/checkout | 11bd71901bbe5b1630ceea73d27597364c9af683 | 🟢 6.4 |

Details

| Check | Score | Reason |
|---|---|---|
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Code-Review | 🟢 10 | all changesets reviewed |
| Maintained | ⚠️ 2 | 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| License | 🟢 10 | license file detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Pinned-Dependencies | 🟢 3 | dependency not pinned by hash detected -- score normalized to 3 |
| Security-Policy | 🟢 9 | security policy file detected |
| Packaging | 🟢 10 | packaging workflow detected |
| SAST | 🟢 9 | SAST tool detected but not run on all commits |
| Vulnerabilities | 🟢 7 | 3 existing vulnerabilities detected |

| Package | Version | Score |
|---|---|---|
| actions/actions/setup-node | 1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a | 🟢 6.6 |

Details

| Check | Score | Reason |
|---|---|---|
| Maintained | 🟢 8 | 10 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8 |
| Code-Review | 🟢 10 | all changesets reviewed |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Binary-Artifacts | 🟢 9 | binaries present in source code |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| License | 🟢 10 | license file detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Signed-Releases | ⚠️ -1 | no releases found |
| Security-Policy | 🟢 9 | security policy file detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| SAST | 🟢 9 | SAST tool is not run on all commits -- score normalized to 9 |
| Vulnerabilities | 🟢 8 | 2 existing vulnerabilities detected |

Scanned Files

  • .github/workflows/booster.yaml

@jurajpiar jurajpiar force-pushed the TOK-297/TOK-615/gh_action branch from 2909dba to e18a194 on February 11, 2025 13:43

@antomor antomor left a comment


@jurajpiar I'd pin the actions that we use by specifying the commit for each of them. Apart from that, is there a way to test it before merging the PR?
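An illustration of the pinning antomor asks for, added here as an example; it is not the PR's own `.github/workflows/booster.yaml`, which is not reproduced on this page. The `unpinned` job references the two actions by floating tag; the `pinned` job references the same actions by the full commit SHAs that the Dependency Review report above lists for `actions/checkout` and `actions/setup-node`. The version tags in the trailing comments are my reading of what those SHAs resolve to and should be checked against each action's releases; the `node-version` value, the `workflow_dispatch` trigger and the `permissions` block are assumptions made for the example.

```yaml
# Added example, not the project's own workflow file.
name: booster

on:
  pull_request:
  # Assumed for the example: a manual trigger lets the workflow be run from
  # the feature branch before the PR is merged, which is one way to test it.
  workflow_dispatch:

# Assumed for the example: give GITHUB_TOKEN read-only access unless a job
# needs more (the Token-Permissions check above scores this).
permissions:
  contents: read

jobs:
  # Before: a tag such as @v4 is a moving pointer. Whoever can move that tag
  # in the upstream repository decides which code runs in this job.
  unpinned:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20   # assumed value

  # After: a full 40-character commit SHA is immutable, so the job always runs
  # exactly the revision that was reviewed. The tag in the trailing comment is
  # informational and lets update tooling propose a newer pin.
  pinned:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 (assumed tag)
      - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 (assumed tag)
        with:
          node-version: 20   # assumed value
```

Dependabot's `github-actions` package ecosystem understands SHA pins with a trailing version comment and will bump both together, so pinning does not mean updates stop arriving; the OpenSSF Scorecard Pinned-Dependencies check in the report above is what flags workflows that still use tags.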

@jurajpiar jurajpiar force-pushed the TOK-297/TOK-615/gh_action branch 3 times, most recently from 65c8a16 to d98d8cc on February 13, 2025 12:35
@jurajpiar jurajpiar force-pushed the TOK-297/TOK-615/gh_action branch 3 times, most recently from 0afdc8a to ed843a7 on February 13, 2025 15:34
@jurajpiar jurajpiar marked this pull request as ready for review February 13, 2025 16:32

@franciscotobar franciscotobar left a comment


LGTM

@jurajpiar jurajpiar force-pushed the TOK-297/TOK-615/gh_action branch from 35a06d7 to 7aa5642 on February 14, 2025 10:14
@jurajpiar

Rebased #690 onto this branch, so I'm closing this PR to prevent conflicts.

@jurajpiar jurajpiar closed this Feb 18, 2025
3 participants