mirror/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2026-03-28 11:33:11 -04:00
Code Issues Packages Projects Releases Wiki Activity
25,966 Commits 59 Branches 261 Tags
e57a7f3694de1841fe8aec3994d4c3222f8077e6
Commit Graph

10 Commits

Author SHA1 Message Date
renovate[bot]
889a5fd0ac [skip-ci] Update actions/stale action to v10 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-09-04 09:11:18 +00:00
renovate[bot]
cac4aa3b44 [skip-ci] Update actions/stale action to v9 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-12-07 13:19:55 +00:00
Chris Evich
d53871cf12 GHA: Use version instead of SHA for actions 
It's nearly impossible for humans to tell semantic-version differences
by looking at a commit sha.  Since all the actions in question come from
github, there's little security/safety benefit to using SHAs.

Signed-off-by: Chris Evich <cevich@redhat.com>
 2023-04-10 14:45:36 -04:00
renovate[bot]
d3cf8ccf84 [skip-ci] Update actions/stale action to v8 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-04-09 07:32:10 +00:00
naveensrinivasan
1821eb3837 Pin actions to a full length commit SHA 
- Pinned actions by SHA https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

>Pin actions to a full length commit SHA

>Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.

https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions

Also dependabot supports upgrades based on SHA.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-03-28 19:00:16 +00:00
Stuart Shelton
60eb4e74d1 Use more recent stale release... 
… as currently with `v1`, `remove-stale-when-updated` is set but isn't causing labels to be updated when comments are added.

Signed-off-by: Stuart Shelton <stuart@shelton.me>
 2021-05-16 19:02:18 +01:00
Valentin Rothberg
1921a82a91 update stale bot 
Update the GitHub action to mark issues and PRs as stale.  There are a
couple of useful features, most importantly, the bot will remove the
stale label from issues as soon as there's either an activity or a
comment.

This reduces some manual overhead: the stale bot will only drop a
comment on issues and PRs that are not marked as stale.  Hence, as we
appreciated the reminders, we had to manually remove the label which
should now turn into campfire tales.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2020-09-22 11:16:40 +02:00
Valentin Rothberg
8094ee89ba github stale workflow: rephrase and bump close time 
Rephrase the stale message to be friendlier and bump the closing time to
365 days.  The docs of the stale workflow do not indicate whether we can
not close, so a limit of 365 days seems fair.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2020-01-07 11:04:37 +01:00
Valentin Rothberg
7835b863f2 stale action: add exempt-issue-label 
Without the label, issues would be closed regardless of the
"do-not-close" label.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2019-10-30 09:51:40 +01:00
Valentin Rothberg
52e5c4b460 GitHub stale action 
Add a GitHub action to mark issues and PRs as stale and
to eventually close them after a grace period.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2019-10-28 20:35:34 +01:00