The changes made to the CONTRIBUTING.md guide include a section on "Authoring CI Workflows." The changes outline the importance of using third party actions pinned to hash values for secure maintenance of dependencies and version updates. The changes made highlight the pin generation syntax that references the full length commit SHA associated with the version of the action within the action's repository.
Fixes #317
Type of change
[X] This change requires a documentation update
How has this been tested?
[X] The tests run to verify changes were make test, make lint, make develop, and make all from the trestle-bot Makefile.
Test Configuration:
Firmware version: N40ET47W (1.29)
Hardware: Lenovo ThinkPad P1 Gen 4i
Toolchain:
SDK:
Checklist
[X] My code follows the style guidelines of this project
[X] I have performed a self-review of my own code
[ ] I have commented my code, particularly in hard-to-understand areas
[X] I have made corresponding changes to the documentation
[X] My changes generate no new warnings
[ ] I have added tests that prove my fix is effective or that my feature works
[ ] New and existing unit tests pass locally with my changes
[ ] Any dependent changes have been merged and published in downstream modules
Description
The changes made to the
CONTRIBUTING.mdguide include a section on "Authoring CI Workflows." The changes outline the importance of using third party actions pinned to hash values for secure maintenance of dependencies and version updates. The changes made highlight the pin generation syntax that references the full length commit SHA associated with the version of the action within the action's repository.Fixes #317
Type of change
How has this been tested?
make test,make lint,make develop, andmake allfrom the trestle-bot Makefile.Test Configuration:
Checklist