https://github.com/assignuser/action-list-poc
https://github.com/assignuser/action-list-poc
Last synced: 12 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/assignuser/action-list-poc
- Owner: assignUser
- License: apache-2.0
- Created: 2025-01-03T02:06:32.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-04-24T11:56:19.000Z (about 1 year ago)
- Last Synced: 2025-04-24T12:50:42.608Z (about 1 year ago)
- Language: Python
- Size: 42 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# ASF Actions Allowlist Gateway
- actions.yml contains the data about allowlisted actions and their refs
- a workflow and `scripts/gateway.py` turns this into a dummy Github Actions workflow that is checked by Dependabot
- if Dependabot finds a new version it will open a PR against the workflow to update the ref
- once the PR is merged a workflow will update actions.yml with the new ref and set an expire date on previous refs and create `approved_patterns.yml` from the data which is in turn used to set the ASF org settings
- a cron job removes expired refs and actions with no refs from `actions.yml`