mirror/glances
1
0
Fork 0
mirror of https://github.com/nicolargo/glances.git synced 2026-04-19 05:18:04 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
effcd426fbfd7899be87678cf82bfb6e4cdec72f
glances/.github/workflows/needs_contributor.yml
nicolargo 599c193258 Harden GitHub Actions workflows: minimal permissions, SHA pins, timeouts 
- Add top-level  on caller (ci.yml) and scheduled/event
    workflows (inactive_issues.yml, needs_contributor.yml)
  - Declare explicit job-level permissions across all reusable workflows
  - Pin all third-party actions to immutable commit SHAs (was using mutable
    tags, including the critical )
  - Align codeql-action on v3 across quality.yml and cyber.yml
  - Add timeout-minutes on every job to prevent runaway builds
  - Add concurrency group on ci.yml with cancel-in-progress for PRs only
  - Add .github/dependabot.yml for automated SHA and npm dependency updates
2026-03-15 18:23:06 +01:00

27 lines
742 B
YAML
Raw Blame History

name: Add a message when needs contributor tag is used
on:
issues:
types:
- labeled
permissions: {}
jobs:
add-comment:
if: github.event.label.name == 'needs contributor'
runs-on: ubuntu-latest
timeout-minutes: 5
permissions:
issues: write
steps:
- name: Add comment
run: gh issue comment "$NUMBER" --body "$BODY"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
NUMBER: ${{ github.event.issue.number }}
BODY: >
This issue is available for anyone to work on.
**Make sure to reference this issue in your pull request.**
:sparkles: Thank you for your contribution ! :sparkles:
Reference in New Issue View Git Blame Copy Permalink