ci: [2024-Q3] CI/CD Audit Story

[rbarkerSL]

CI/CD Quarterly Audit

• Description: Perform quarterly CI/CD audit

Audit Criteria

• [ ] Actions are enabled?
  • All workflow items are using pinned actions
  • Appropriate permissions are set within the github workflows
  • Dependabot is enabled on the repository
  • The Repository is using self-hosted runners (if appropriate)
  • The Step-Security Hardened Security action is enabled
• [x] Actions are disabled if not in use within last 6 months
• [x] The repository uses the current rulesets
• [x] Individual branch protections are turned off
• [x] Individual tag protections are turned off
• [x] CODEOWNERS is valid and up-to-date
• [x] Teams are assigned to the repository
• [x] Individual contributors that are part of assigned teams are removed from contributors list
• [x] Repository settings are configured per organization standard
• [x] All webhooks present are needed and in use
• [ ] If Applicable: Alert repository owners of software versions that are no longer supported
• [ ] If Applicable: Alert repository owners when software versions are within 3 months of losing support
• [x] Custom properties: last-ci-review-by-team is set
• [x] Custom properties: last-ci-review-date is set (Use format: YYYY-MM-DD)

Repository Settings

• [x] Require contributors to sign off on web-based commits
• [x] Features: Issues
• [x] Features: Preserve this Repository
• [x] Features: Discussions
• [x] Features: Projects
• [x] Pull Requests: Allow Squash Merging
• [x] Pull Requests: Always suggest updating pull request branches
• [x] Pull Requests: Automatically delete head branches
• [x] Pushes: Limit how many branches and tags can be updated in a single push

Acceptance Criteria

• [x] All Audit Criteria have been met