目录树: bd99b74608

Jon Ross-Perkins a94136d477 Remove references to explorer (#5287)		1 年之前
..
README.md	b73387fc84 Update workflows for security hardening. (#4192)	1 年之前
auto_assign_prs.yaml	a94136d477 Remove references to explorer (#5287)	1 年之前
auto_label_prs.yaml	a94136d477 Remove references to explorer (#5287)	1 年之前
clang_tidy.yaml	24c173b10f Try using same_pkg_direct_rdeps for clang-tidy action (#5144)	1 年之前
discord_wiki.yaml	17abaa2bca Fix stray quote in action (#4193)	1 年之前
gh_pages_ci.yaml	b6396e97f8 Build a website. (#4189)	1 年之前
gh_pages_deploy.yaml	b6396e97f8 Build a website. (#4189)	1 年之前
nightly_release.yaml	2ea2166cf8 Update pre-commit (#4995)	1 年之前
pre_commit.yaml	95fd890698 Allow pre-commit to talk to googleapis (#4966)	1 年之前
pre_commit_suggestions.yaml	b73387fc84 Update workflows for security hardening. (#4192)	1 年之前
proposal_labeled.yaml	b73387fc84 Update workflows for security hardening. (#4192)	1 年之前
proposal_ready.yaml	b73387fc84 Update workflows for security hardening. (#4192)	1 年之前
sync_repos.yaml	b73387fc84 Update workflows for security hardening. (#4192)	1 年之前
tests.yaml	249709cb49 Split out clang-tidy to not run in merge (#4428)	1 年之前
triage_inactive.yaml	9fc40f86f9 Rename 'long term' to 'long term issue' (#5023)	1 年之前

Workflows

Hardening

Workflows are hardened using Step Security tool. Findings for the "Harden Runner" steps are available online.

Most jobs only have a few endpoints, but due to tools which do downloads, a few have significantly more. These are:

When updating one of these, consider updating all of them.

We try to keep allowed-endpoints with one per line. Prettier wants to wrap them, which we fix this with prettier-ignore.

We keep around an action-test branch in carbon-lang, which can be used to test triggers with push: configurations. For example:

on:
  push:
    branches: [action-test]