Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/06/19 20:39:56 UTC
[GitHub] [airflow] potiuk opened a new pull request #16546: Add selective permissions for GitHub Tokens
potiuk opened a new pull request #16546:
URL: https://github.com/apache/airflow/pull/16546
As of the end of April we can set selective permissions for GitHub
tokens: https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
This allows us to use just a very small subset for workflows of ours,
which is a good idea for limiting the vector of attacks for supply-chain
attacks.
For example, that would render the recent codecov hacking completely
useless even if someone grabs and uses the token immediately.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
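An added example, not part of the pull request or of Airflow's code: a small audit that reports which jobs in a workflow file still run with an unnarrowed `GITHUB_TOKEN`. The function names and the sample workflow are hypothetical, and the parser assumes block-style YAML with two-space indentation.

```python
import re

KEY = re.compile(r"^( *)([\w-]+):\s*(.*?)\s*$")

def _read_permissions(rows, i):
    """Value of the permissions key at rows[i]: shorthand string or scope map."""
    indent, _, scalar = rows[i]
    if scalar:  # read-all, write-all or {}
        return scalar
    scopes = {}
    for ind, key, value in rows[i + 1:]:
        if ind <= indent:
            break
        scopes[key] = value
    return scopes

def effective_permissions(text):
    """Map each job to its GITHUB_TOKEN permissions (block-style YAML, 2-space indent)."""
    rows = [(len(m[1]), m[2], m[3]) for m in map(KEY.match, text.splitlines()) if m]
    top, jobs, in_jobs, job = None, {}, False, None
    for i, (indent, key, _) in enumerate(rows):
        if indent == 0:
            in_jobs = key == "jobs"
            if key == "permissions":
                top = _read_permissions(rows, i)
        elif in_jobs and indent == 2:
            job, jobs[key] = key, None
        elif in_jobs and indent == 4 and key == "permissions":
            jobs[job] = _read_permissions(rows, i)
    # A job-level block replaces the workflow-level one; neither means repository default.
    default = "repo-default" if top is None else top
    return {j: default if p is None else p for j, p in jobs.items()}

def unscoped_jobs(text):
    """Jobs whose token is not narrowed: no permissions block, or write-all."""
    perms = effective_permissions(text)
    return sorted(j for j, p in perms.items() if p in ("repo-default", "write-all"))

# Constructed sample workflow (not from the Airflow repository).
SAMPLE = """\
on: [push]
jobs:
  tests:
    runs-on: ubuntu-latest
  label:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
"""
```

On the sample, `unscoped_jobs(SAMPLE)` reports `tests`, the job that has neither a job-level nor a workflow-level `permissions` block.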
[GitHub] [airflow] potiuk merged pull request #16546: Add selective permissions for GitHub Tokens
Posted by GitBox <gi...@apache.org>.
potiuk merged pull request #16546:
URL: https://github.com/apache/airflow/pull/16546
[GitHub] [airflow] github-actions[bot] commented on pull request #16546: Add selective permissions for GitHub Tokens
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on pull request #16546:
URL: https://github.com/apache/airflow/pull/16546#issuecomment-864580728
The PR most likely needs to run full matrix of tests because it modifies parts of the core of Airflow. However, committers might decide to merge it quickly and take the risk. If they don't merge it quickly - please rebase it to the latest main at your convenience, or amend the last commit of the PR, and push it with --force-with-lease.