Comments (2)
mpkorstanje
commented on August 16, 2024
We can also limit the actions allowed in the organisation in a few different ways
- Only allow actions, cucumber org actions.
- Only allow actions, cucumber org actions and actions from verified publishers.
We currently have these non-cucumber non-github provided actions, I can't tell which ones are verified publishers:
mpkorstanje@nyx:~/Projects/cucumber/code-search$ grep -r uses: | grep ".github" | cut -d ":" -f 3 | sort | uniq | grep -v cucumber | grep -v actions
8398a7/action-slack@v3
arduino/setup-protoc@v1
aurelien-baudet/workflow-dispatch@v2
codecov/codecov-action@v1
codecov/codecov-action@v3
coverallsapp/github-action@master
dart-lang/[email protected]
docker/bake-action@v2
docker/build-push-action@v3
docker/login-action@v2
docker/setup-buildx-action@v2
docker/setup-qemu-action@v2
erlef/setup-beam@v1
GabrielBB/xvfb-action@v1
golangci/[email protected]
goreleaser/goreleaser-action@v2
goreleaser/[email protected]
HaaLeo/publish-vscode-extension@v1
marocchino/sticky-pull-request-comment@v2
mymindstorm/setup-emsdk@v11
ocaml/setup-ocaml@v2
pulumi/setup-pulumi@v2
reactivecircus/android-emulator-runner@v2
ruby/setup-ruby@v1
shivammathur/setup-php@v2
snok/install-poetry@v1
softprops/action-gh-release@v1
from common.
mpkorstanje
commented on August 16, 2024
Projects that use the cucumber/action-create-github-release that would definitely need elevated permissions.
mpkorstanje@nyx:~/Projects/cucumber/code-search$ grep -rl cucumber/action-create-github-release | cut -d '/' -f 1
cucumber-expressions
blockly
cucumber-parent
action-get-versions
gherkin
message-streams
action-publish-rubygem
action-publish-sbt
action-publish-nuget
action-publish-hex
action-create-github-release
action-create-github-release
action-create-github-release
action-create-github-release
action-create-github-release
action-create-github-release
gherkin-streams
cucumber-jvm-scala
action-publish-npm
multi_test
html-formatter
compatibility-kit
action-create-release-pr
cucumber-js-pretty-formatter
ci-environment
cucumber-js
react-components
language-server
action-publish-subrepo
screenplay.js
build
cucumber-ruby
language-service
cucumber-ruby-wire
cucumber-json-converter
monaco
cucumber-android
messages
action-publish-mvn
gherkin-utils
action-publish-pypi
microdata
split-java
tag-expressions
query
action-publish-cpan
cucumber-ruby-core
cucumber-rails
release-tests
cucumber-jvm
from common.
Related Issues (20)
- Slack Unavailable HOT 4
- Use arguments in scenario outline to describe test name HOT 3
- Github is deprecating set-output commands HOT 3
- Grouping Scenarios in .feature Files Using Multiple 'Feature' Keywords HOT 5
- Incorrect status being reported for skipped, pending, failed steps v16.0.3 HOT 7
- Tools page sidebar in when scroll the menu line should not overlap on text. HOT 1
- [Gherkin language feature support] Gherkin can support StepMacros syntax? HOT 5
- how to run prallel all the scenario outline methods with Examples but the test data are in the excel file HOT 1
- Add prettier plugin support for Gherkin HOT 2
- Cucumber html report screen is blur and couldn't able to access the report HOT 1
- Support for triggering/transforming parameterTypes in data table HOT 2
- allow more steps to execute after step failure HOT 9
- How to get Feature File commented lines in Cucumber Json Test Report HOT 7
- We're currently locked out of our npm account HOT 3
- We don't have access to the [email protected] email address HOT 2
- [email protected] email address doesn't forward to the core team HOT 10
- DKIM etc headers for cucumber.community HOT 6
- Slack inviter is broken HOT 12
- Can't register for slack for cuke HOT 1
- Cucumber Reports Collection - how to remove a collection? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from common.