react-native-macos

Граф коммитов

Автор	SHA1	Сообщение	Дата
Varun Sharma	3da3d82320	ci: Add GitHub token permissions for workflows (#34122 ) Summary: This PR adds minimum token permissions for the GITHUB_TOKEN using https://github.com/step-security/secure-workflows. GitHub recommends defining minimum GITHUB_TOKEN permissions for securing GitHub Actions workflows - https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ - https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token - The Open Source Security Foundation (OpenSSF) [Scorecards](https://github.com/ossf/scorecard) treats not setting token permissions as a high-risk issue This project is part of the top 100 critical projects as per OpenSSF (https://github.com/ossf/wg-securing-critical-projects), so fixing the token permissions to improve security. Signed-off-by: Varun Sharma <varunsh@stepsecurity.io> ## Changelog [General] [Security] - Add GitHub token permissions for workflows <!-- Help reviewers and the release process by writing your own changelog entry. For an example, see: https://github.com/facebook/react-native/wiki/Changelog --> Pull Request resolved: https://github.com/facebook/react-native/pull/34122 Test Plan: N/A Reviewed By: cipolleschi Differential Revision: D37597988 Pulled By: cortinico fbshipit-source-id: 2f45914e2202a7b5bf7fa60b019dd12cdcf31952	2022-07-04 03:41:44 -07:00
Simek	09b06485e9	GitHub: update workflow actions (#33595 ) Summary: This PR updates the GitHub actions uses in the repository workflows. ## Changelog N/A Pull Request resolved: https://github.com/facebook/react-native/pull/33595 Test Plan: Run the workflows. Reviewed By: rickhanlonii Differential Revision: D35495697 Pulled By: cortinico fbshipit-source-id: a41a83dc61f199f9acbc0ce28d6a23fafc94a99c	2022-04-08 06:26:47 -07:00
Héctor Ramos	2ef9200a4d	Enable 'Needs Attention' action (#28338 ) Summary: The ['Needs Attention'](https://github.com/hramos/needs-attention) action will remove the "Needs: Author Feedback" label and replace it with "Needs: Attention" whenever the original author of an issue adds a comment. Removes the `no-response` GitHub integration. The 'close after 21 days' functionality from `no-response` is not present in the 'Needs Attention' action. We'll need to add this back some other way. Considering we were not closing issues that were in the Needs Response state until recently, I think it's OK to proceed here. ## Changelog [Internal] [CI] - Enable 'Needs Attention' action Pull Request resolved: https://github.com/facebook/react-native/pull/28338 Test Plan: https://github.com/hramos/needs-attention/issues/1 Reviewed By: cpojer Differential Revision: D20506380 Pulled By: hramos fbshipit-source-id: a5a0a7fc330821b7c51aabc0905f520d5caa829a	2020-03-18 00:41:44 -07:00

Автор

SHA1

Сообщение

Дата

Varun Sharma

3da3d82320

ci: Add GitHub token permissions for workflows (#34122 )

Summary:
This PR adds minimum token permissions for the GITHUB_TOKEN using https://github.com/step-security/secure-workflows.

GitHub recommends defining minimum GITHUB_TOKEN permissions for securing GitHub Actions workflows
- https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
- https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
- The Open Source Security Foundation (OpenSSF) [Scorecards](https://github.com/ossf/scorecard) treats not setting token permissions as a high-risk issue

This project is part of the top 100 critical projects as per OpenSSF (https://github.com/ossf/wg-securing-critical-projects), so fixing the token permissions to improve security.

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>

## Changelog
[General] [Security] - Add GitHub token permissions for workflows
<!-- Help reviewers and the release process by writing your own changelog entry. For an example, see:
https://github.com/facebook/react-native/wiki/Changelog
-->

Pull Request resolved: https://github.com/facebook/react-native/pull/34122

Test Plan: N/A

Reviewed By: cipolleschi

Differential Revision: D37597988

Pulled By: cortinico

fbshipit-source-id: 2f45914e2202a7b5bf7fa60b019dd12cdcf31952

2022-07-04 03:41:44 -07:00

Simek

09b06485e9

GitHub: update workflow actions (#33595 )

Summary:
This PR updates the GitHub actions uses in the repository workflows.

## Changelog

N/A

Pull Request resolved: https://github.com/facebook/react-native/pull/33595

Test Plan: Run the workflows.

Reviewed By: rickhanlonii

Differential Revision: D35495697

Pulled By: cortinico

fbshipit-source-id: a41a83dc61f199f9acbc0ce28d6a23fafc94a99c

2022-04-08 06:26:47 -07:00

Héctor Ramos

2ef9200a4d

Enable 'Needs Attention' action (#28338 )

Summary:
The ['Needs Attention'](https://github.com/hramos/needs-attention) action will remove the "Needs: Author Feedback" label and replace it with "Needs: Attention" whenever the original author of an issue adds a comment.

Removes the `no-response` GitHub integration. The 'close after 21 days' functionality from `no-response` is not present in the 'Needs Attention' action. We'll need to add this back some other way. Considering we were not closing issues that were in the Needs Response state until recently, I think it's OK to proceed here.

## Changelog

[Internal] [CI] - Enable 'Needs Attention' action
Pull Request resolved: https://github.com/facebook/react-native/pull/28338

Test Plan: https://github.com/hramos/needs-attention/issues/1

Reviewed By: cpojer

Differential Revision: D20506380

Pulled By: hramos

fbshipit-source-id: a5a0a7fc330821b7c51aabc0905f520d5caa829a

2020-03-18 00:41:44 -07:00

3 Коммитов