Skip to content

Harden GitHub actions#3343

Merged
samsrabin merged 4 commits into
ESCOMP:b4b-devfrom
samsrabin:action-hardening
Jul 22, 2025
Merged

Harden GitHub actions#3343
samsrabin merged 4 commits into
ESCOMP:b4b-devfrom
samsrabin:action-hardening

Conversation

@samsrabin
Copy link
Copy Markdown
Member

@samsrabin samsrabin commented Jul 22, 2025
edited
Loading

Description of changes

Changes to GitHub actions to improve security.

Specific notes

Contributors other than yourself, if any: None

CTSM Issues Fixed:

Are answers expected to change (and if so in what way)? No

Any User Interface Changes (namelist or namelist defaults changes)? No

Does this create a need to change or add documentation? Did you do so?

Testing performed, if any: Workflows on this PR.

@samsrabin samsrabin self-assigned this Jul 22, 2025
@samsrabin samsrabin added b4b bit-for-bit devops Development Operations to improve development throughput, E.g., adding GitHub Workflows labels Jul 22, 2025
@samsrabin samsrabin changed the base branch from master to b4b-dev July 22, 2025 17:02
@samsrabin
Bump docs container version.
d075ae5 
Needed to pass build test.
@samsrabin samsrabin marked this pull request as ready for review July 22, 2025 18:34
@samsrabin samsrabin requested a review from ekluzek July 22, 2025 18:34
@samsrabin samsrabin moved this from Todo to In Progress in Self-hosted GitHub actions runners Jul 22, 2025
ekluzek
ekluzek approved these changes Jul 22, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@ekluzek ekluzek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is straightforward. It's just doing what the issues that are resolved talk about according to the recommendations given from CISL.

@samsrabin samsrabin merged commit d708ed1 into ESCOMP:b4b-dev Jul 22, 2025
15 checks passed
@ekluzek ekluzek mentioned this pull request Jul 25, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ekluzek ekluzek ekluzek approved these changes

Assignees

@samsrabin samsrabin

Labels

b4b bit-for-bit devops Development Operations to improve development throughput, E.g., adding GitHub Workflows

Projects

Self-hosted GitHub actions runners
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Minimize workflow job permissions Specify SHA for GitHub Actions versions

2 participants

@samsrabin @ekluzek