You are viewing a plain text version of this content. The canonical link for it is here.

Posted to github@arrow.apache.org by GitBox <gi...@apache.org> on 2022/07/04 00:30:40 UTC

[GitHub] [arrow] naveensrinivasan opened a new pull request, #13502: chore: Set permissions for GitHub actions

naveensrinivasan opened a new pull request, #13502:
URL: https://github.com/apache/arrow/pull/13502

    Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
   
   - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
   
   https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
   
   https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
   
   [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
   
   Signed-off-by: naveen <17...@users.noreply.github.com>
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [arrow] pitrou commented on pull request #13502: chore: Set permissions for GitHub actions

Posted by GitBox <gi...@apache.org>.

pitrou commented on PR #13502:
URL: https://github.com/apache/arrow/pull/13502#issuecomment-1208300870

   @naveensrinivasan Ping! Could you create a JIRA ticket as requested?
   If you are not able to do it, please say so so that someone else can step up :-)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [arrow] naveensrinivasan commented on pull request #13502: chore: Set permissions for GitHub actions

Posted by GitBox <gi...@apache.org>.

naveensrinivasan commented on PR #13502:
URL: https://github.com/apache/arrow/pull/13502#issuecomment-1173998975

   > Thanks, this is a good change. This is not a minor PR by our [definition](https://github.com/apache/arrow/blob/master/CONTRIBUTING.md#Minor-Fixes) so please create a JIRA ticket for it :)
   
   I will do that. Thanks 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [arrow] assignUser commented on pull request #13502: chore: Set permissions for GitHub actions

Posted by GitBox <gi...@apache.org>.

assignUser commented on PR #13502:
URL: https://github.com/apache/arrow/pull/13502#issuecomment-1237281990

   I will pick this up in [ARROW-17621](https://issues.apache.org/jira/browse/ARROW-17621)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [arrow] rok closed pull request #13502: chore: Set permissions for GitHub actions

Posted by GitBox <gi...@apache.org>.

rok closed pull request #13502: chore: Set permissions for GitHub actions
URL: https://github.com/apache/arrow/pull/13502


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [arrow] assignUser commented on pull request #13502: chore: Set permissions for GitHub actions

Posted by GitBox <gi...@apache.org>.

assignUser commented on PR #13502:
URL: https://github.com/apache/arrow/pull/13502#issuecomment-1173739511

   Thanks, this is a good change. This is not a minor PR by our [definition](https://github.com/apache/arrow/blob/master/CONTRIBUTING.md#Minor-Fixes) so please create a JIRA ticket for it :) 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [arrow] github-actions[bot] commented on pull request #13502: chore: Set permissions for GitHub actions

Posted by GitBox <gi...@apache.org>.

github-actions[bot] commented on PR #13502:
URL: https://github.com/apache/arrow/pull/13502#issuecomment-1173209075

   <!--
     Licensed to the Apache Software Foundation (ASF) under one
     or more contributor license agreements.  See the NOTICE file
     distributed with this work for additional information
     regarding copyright ownership.  The ASF licenses this file
     to you under the Apache License, Version 2.0 (the
     "License"); you may not use this file except in compliance
     with the License.  You may obtain a copy of the License at
   
       http://www.apache.org/licenses/LICENSE-2.0
   
     Unless required by applicable law or agreed to in writing,
     software distributed under the License is distributed on an
     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
     KIND, either express or implied.  See the License for the
     specific language governing permissions and limitations
     under the License.
   -->
   
   Thanks for opening a pull request!
   
   If this is not a [minor PR](https://github.com/apache/arrow/blob/master/CONTRIBUTING.md#Minor-Fixes). Could you open an issue for this pull request on JIRA? https://issues.apache.org/jira/browse/ARROW
   
   Opening JIRAs ahead of time contributes to the [Openness](http://theapacheway.com/open/#:~:text=Openness%20allows%20new%20users%20the,must%20happen%20in%20the%20open.) of the Apache Arrow project.
   
   Then could you also rename pull request title in the following format?
   
       ARROW-${JIRA_ID}: [${COMPONENT}] ${SUMMARY}
   
   or
   
       MINOR: [${COMPONENT}] ${SUMMARY}
   
   See also:
   
     * [Other pull requests](https://github.com/apache/arrow/pulls/)
     * [Contribution Guidelines - How to contribute patches](https://arrow.apache.org/docs/developers/contributing.html#how-to-contribute-patches)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [arrow] naveensrinivasan commented on pull request #13502: chore: Set permissions for GitHub actions

Posted by GitBox <gi...@apache.org>.

naveensrinivasan commented on PR #13502:
URL: https://github.com/apache/arrow/pull/13502#issuecomment-1208352854

   > @naveensrinivasan Ping! Could you create a JIRA ticket as requested?
   > If you are not able to do it, please say so so that someone else can step up :-)
   
   I apologize. I won’t be able to do it now. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org