Hello,
This PR was auto-generated to pin the Actions workflow files in this repository to use trusted SHAs.
This is in support of RFC SEC-090 which is due to be implemented by EOQ2 FY24.
Please do the following:
Approve and merge this PR if you are happy with the changes.
Check if there are any untrusted third-party Actions in the workflow files and onboard them to the TSCCR.
The yaml comments "# TSCCR: no entry for repository..." or "# TSCCR: no version of..." in the workflow files identifies an untrusted Action.
If you have to onboard any third-party Actions, update and pin your workflows using the tsccr-helper tool after the Actions have been onboarded OR reach out to #team-prodsec and we can run this automation again.
Verify that your Actions are still working as expected after pinning.
Please reach out to #team-prodsec if you have any questions.
Hello, This PR was auto-generated to pin the Actions workflow files in this repository to use trusted SHAs. This is in support of RFC SEC-090 which is due to be implemented by EOQ2 FY24.
Please do the following:
Please reach out to #team-prodsec if you have any questions.