WordPress.org

Make WordPress Core

Changeset 50474


Timestamp: 03/02/2021 04:09:16 PM (3 months ago)
Author: desrosj
Message:

Build/Test Tools: Pin the welcome-action to a specific commit SHA.

Some GitHub Action scripts require additional permissions to perform the desired operations. This permission is usually given by passing a personal access token (PAT) to the action as an input.

Because PATs grant access to sensitive information about the repository and actions with PATs become trusted actors, 3rd party actions should not be installed by specifying a major or minor version.

Instead, specifying a full length commit SHA will use the 3rd party action as an immutable release, ensuring the workflows within the repository are not affected by upstream security problems should they occur.

Props johnbillion.
See #52625.

File: 1 edited
