Open bjhargrave opened 6 months ago
russellb
commented
5 months ago @bjhargrave does the list you have in #45 cover all currently used actions across all repos? Otherwise, it seems like we can't do the configuration until we know it doesn't break anything. Starting with everything currently in use seems fine though
bjhargrave
commented
5 months ago @bjhargrave does the list you have in #45 cover all currently used actions across all repos?
It is not exhaustive. There are other repos in the org which I will need to survey. This issue is to capture the need to update org settings when we have a final list.
russellb
commented
5 months ago Thanks, @bjhargrave . Can you make a small edit to clarify, something like:
Once https://github.com/instructlab/dev-docs/pull/45 is approved and merged, the organization settings need to configured.
to
Once https://github.com/instructlab/dev-docs/pull/45 is approved and merged and a full audit of existing github action usage is complete, the organization settings need to configured.
I just wanted to clarify that the audit is still a to-do item before we can update settings.
nathan-weinberg
commented
5 months ago Has this been done?
russellb
commented
5 months ago Has this been done?
fairly certain thee audit is not complete?
github-actions[bot]
commented
2 months ago This issue has been automatically marked as stale because it has not had activity within 90 days. It will be automatically closed if no further activity occurs within 30 days.
nathan-weinberg
commented
2 weeks ago @instructlab/oversight-committee please confirm if this is done and close it if it is
jjasghar
commented
2 weeks ago It looks like we do not have an allow list of actions done yet. You can use any action or reuseable workflow:
Given the policy in #45, we need to update the organization settings to enforce the allowed providers of actions.
Once #45 is approved and merged, and a full audit of existing GitHub action usage is complete, the organization settings need to configured.