Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/06/19 20:39:56 UTC

[GitHub] [airflow] potiuk opened a new pull request #16546: Add selective permissions for GitHub Tokens

potiuk opened a new pull request #16546:
URL: https://github.com/apache/airflow/pull/16546


   As of the end of April we can set selective permissions for GitHub
   tokens https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
   
   This allows us to use just a very small subset for workflows of ours,
   which is a good idea for limiting the vector of attacks for supply-chain
   attacks.
   
   For example, that would render the recent codecov hacking completely
   useless even if someone grabs and uses the token immediately.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
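
A sketch of the selective `GITHUB_TOKEN` permissions described in the pull request above. This is an added example, not the workflow changed in the PR: the workflow name, job names, script path and chosen scopes are assumptions; only the `permissions` key and its scope names come from the GitHub Actions feature the PR links to.

```yaml
# Added example (constructed). Names and scripts below are hypothetical
# and are not taken from the Airflow repository.
name: Tests
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Without a `permissions` key the token gets the repository or organization
# default, which can be read/write on every scope.
# Once any scope is listed, every scope that is not listed is set to `none`.
permissions:
  contents: read          # enough for actions/checkout

jobs:
  unit-tests:
    runs-on: ubuntu-latest
    # No job-level block: inherits the workflow-level `contents: read`.
    # A token captured from this job cannot push commits, publish
    # packages or edit issues and pull requests.
    steps:
      - uses: actions/checkout@v2
      - run: ./scripts/run_tests.sh      # hypothetical test entry point

  upload-scan-results:
    runs-on: ubuntu-latest
    needs: unit-tests
    # A job-level block replaces the workflow-level one for this job only,
    # so the one extra write scope is confined to the job that needs it.
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v2
      - run: echo "upload scan results here"   # placeholder step
```

To check the result, expand the "Set up job" step in a workflow run's log: it lists the permissions the `GITHUB_TOKEN` was actually granted for that job.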



[GitHub] [airflow] potiuk merged pull request #16546: Add selective permissions for GitHub Tokens

Posted by GitBox <gi...@apache.org>.
potiuk merged pull request #16546:
URL: https://github.com/apache/airflow/pull/16546





[GitHub] [airflow] github-actions[bot] commented on pull request #16546: Add selective permissions for GitHub Tokens

Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on pull request #16546:
URL: https://github.com/apache/airflow/pull/16546#issuecomment-864580728


   The PR most likely needs to run full matrix of tests because it modifies parts of the core of Airflow. However, committers might decide to merge it quickly and take the risk. If they don't merge it quickly - please rebase it to the latest main at your convenience, or amend the last commit of the PR, and push it with --force-with-lease.

