Skip to content

🌱 harden github actions workflows#933

Merged
metal3-io-bot merged 1 commit intometal3-io:mainfrom
Nordix:tuomo/harden-github-actions
Mar 4, 2026
Merged

🌱 harden github actions workflows#933
metal3-io-bot merged 1 commit intometal3-io:mainfrom
Nordix:tuomo/harden-github-actions

Conversation

@tuminoid
Copy link
Copy Markdown
Member

@tuminoid tuminoid commented Mar 4, 2026

Add persist-credentials: false to checkout actions, switch pr-verifier from pull_request_target to pull_request, add explicit permissions to workflows, bump actions to latest major versions, suppress accepted findings, and apply zizmor safe fixes.

@tuminoid
harden github actions workflows
40ce6fe 
Add persist-credentials: false to checkout actions, switch pr-verifier
from pull_request_target to pull_request, add explicit permissions to
workflows, bump actions to latest major versions, suppress accepted
findings, and apply zizmor safe fixes.

Signed-off-by: Tuomo Tanskanen <tuomo.tanskanen@est.tech>
@metal3-io-bot metal3-io-bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Mar 4, 2026
@tuminoid
Copy link
Copy Markdown
Member Author

tuminoid commented Mar 4, 2026

/cc @Rozzii @lentzi90

@metal3-io-bot metal3-io-bot requested review from Rozzii and lentzi90 March 4, 2026 06:39
lentzi90
lentzi90 reviewed Mar 4, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@lentzi90 lentzi90 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@metal3-io-bot metal3-io-bot added the lgtm Indicates that a PR is ready to be merged. label Mar 4, 2026
@tuminoid
Copy link
Copy Markdown
Member Author

tuminoid commented Mar 4, 2026

/override metal3-centos-e2e-integration-test-main
/override metal3-ubuntu-e2e-integration-test-main

@metal3-io-bot
Copy link
Copy Markdown
Contributor

metal3-io-bot commented Mar 4, 2026

@tuminoid: Overrode contexts on behalf of tuminoid: metal3-centos-e2e-integration-test-main, metal3-ubuntu-e2e-integration-test-main

Details

In response to this:

/override metal3-centos-e2e-integration-test-main
/override metal3-ubuntu-e2e-integration-test-main

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Rozzii
Rozzii reviewed Mar 4, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@Rozzii Rozzii left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@metal3-io-bot
Copy link
Copy Markdown
Contributor

metal3-io-bot commented Mar 4, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Rozzii

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@metal3-io-bot metal3-io-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 4, 2026
@metal3-io-bot metal3-io-bot merged commit 3d62072 into metal3-io:main Mar 4, 2026
16 checks passed
@metal3-io-bot metal3-io-bot deleted the tuomo/harden-github-actions branch March 4, 2026 07:14
@metal3-io-bot metal3-io-bot added this to the ironic-image - v35.0 milestone Mar 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Rozzii Rozzii Rozzii left review comments

@dtantsur dtantsur Awaiting requested review from dtantsur

@elfosardo elfosardo Awaiting requested review from elfosardo

@zaneb zaneb Awaiting requested review from zaneb

+1 more reviewer

@lentzi90 lentzi90 lentzi90 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

ironic-image - v35.0

Development

Successfully merging this pull request may close these issues.

4 participants

@tuminoid @metal3-io-bot @lentzi90 @Rozzii