Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: add new GH policy requirements #24

Merged
merged 4 commits into from
Oct 7, 2024
Merged

chore: add new GH policy requirements #24

merged 4 commits into from
Oct 7, 2024

Conversation

Luisfc68
Copy link
Collaborator

@Luisfc68 Luisfc68 commented Oct 2, 2024

What

  • Added dependabot config
  • Added dependency review action
  • Added scorecard action
  • Replace tags by commit hashes in actions
  • Replaced husky by pre commit
  • Added contributing and security files
  • Add GH action to run unit tests

Why

In order to be compliant with the organization's GH policy

Task

https://rsklabs.atlassian.net/browse/GBI-2136

Important

The BBP for this repo is not live yet, I think we should wait until it is to merge this PR

@Luisfc68 Luisfc68 merged commit de824d8 into main Oct 7, 2024
4 checks passed
diego-jeronymo
diego-jeronymo reviewed Oct 8, 2024
View reviewed changes
.github/workflows/ci.yml
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion:

uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0

.github/workflows/dependency-review.yml
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion:

uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0

.github/workflows/scorecard.yml

steps:
- name: "Checkout code"
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion:

uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0

.github/workflows/scorecard.yml
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest to use the updated version 2.4.0
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0

more details: https://github.com/ossf/scorecard-action/releases

.github/workflows/scorecard.yml
publish_results: true

- name: "Upload artifact"
uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest to use the last updated stable version 2.4.0
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
more details: https://github.com/actions/upload-artifact/releases

.github/workflows/scorecard.yml
retention-days: 5

- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest to use the last updated stable version 3.26.9
uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9

.github/workflows/slither.yml
jobs:
analyze:
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion:

uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0

.github/workflows/slither.yml
id: slither
with:
sarif: results.sarif
fail-on: none
target: contracts/

- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@85b07cf1e13dd512be7c27c37a33c5864c252fcc # v2
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest to use the last updated stable version 3.26.9
uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@diego-jeronymo diego-jeronymo diego-jeronymo left review comments

@MaximStanciu8 MaximStanciu8 MaximStanciu8 approved these changes

@gsoares85 gsoares85 Awaiting requested review from gsoares85

@Dominikkq Dominikkq Awaiting requested review from Dominikkq

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Luisfc68 @MaximStanciu8 @diego-jeronymo