Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[github] Add commit hashes to action dependencies #592

Merged
merged 4 commits into from
Jan 13, 2025
Merged

[github] Add commit hashes to action dependencies #592

merged 4 commits into from
Jan 13, 2025

Conversation

VenelinBakalov
Copy link
Collaborator

@VenelinBakalov VenelinBakalov commented Jan 10, 2025
edited
Loading

Description

Checklist

  • I have added relevant error handling and logging messages to help troubleshooting
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation, relevant usage information (if applicable)
  • I have updated the PR title with affected component, related issue number and a short summary of the changes introduced
  • I have added labels for implementation kind (kind/) and version type (version/)
  • I have tested against live environment, if applicable
  • I have synced any structure and/or content vRA-NG improvements with vra-ng and ts-vra-ng archetypes (if applicable)
  • I have my changes rebased and squashed to the minimal number of relevant commits. Notice: don't squash all commits
  • I have added a descriptive commit message with a short title, including a Fixed #XXX - or Closed #XXX - prefix to auto-close the issue

Testing

Release Notes

Related issues and PRs

Closes the following security issues:
https://github.com/vmware/build-tools-for-vmware-aria/security/code-scanning/192
https://github.com/vmware/build-tools-for-vmware-aria/security/code-scanning/194
https://github.com/vmware/build-tools-for-vmware-aria/security/code-scanning/195
https://github.com/vmware/build-tools-for-vmware-aria/security/code-scanning/196
https://github.com/vmware/build-tools-for-vmware-aria/security/code-scanning/197

@VenelinBakalov VenelinBakalov requested a review from a team as a code owner January 10, 2025 10:59
@github-actions github-actions bot added the kind/dependencies Pull requests that update a dependency file label Jan 10, 2025
@VenelinBakalov VenelinBakalov added kind/skip-changelog Release Drafter: Don't add to the release changelog area/github Github related changes and removed kind/dependencies Pull requests that update a dependency file labels Jan 10, 2025
@VenelinBakalov
Extend trivy permissions
2fc31ca 
Signed-off-by: Venelin Bakalov <[email protected]>
@github-actions github-actions bot added the kind/dependencies Pull requests that update a dependency file label Jan 10, 2025
@VenelinBakalov
Bump setup mvn action to 1.18
4551e5a 
Signed-off-by: Venelin Bakalov <[email protected]>
@VenelinBakalov VenelinBakalov changed the title Add commit hashes to action dependencies [github] Add commit hashes to action dependencies Jan 10, 2025
@vmwclabot
Copy link
Member

@VenelinBakalov, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <[email protected]> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

1 similar comment
@vmwclabot
Copy link
Member

@VenelinBakalov, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <[email protected]> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

@VenelinBakalov VenelinBakalov merged commit 9ba0b8e into main Jan 13, 2025
17 checks passed
@VenelinBakalov VenelinBakalov deleted the add-explicit-commit-hash-dependency branch January 13, 2025 07:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ivo-kotev ivo-kotev ivo-kotev approved these changes

Assignees
No one assigned
Labels
area/github Github related changes kind/dependencies Pull requests that update a dependency file kind/skip-changelog Release Drafter: Don't add to the release changelog
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@VenelinBakalov @vmwclabot @ivo-kotev