dd-trace-dotnet icon indicating copy to clipboard operation
dd-trace-dotnet copied to clipboard
verified publisher icon DataDog

Vendor-in GitHub actions

Open andrewlock opened this issue 2 years ago • 0 comments

Summary of changes

Vendors in the external GitHub Actions we currently use

Reason for change

We're considering changing the allowed GitHub actions to be Allow enterprise, and select non-enterprise, actions and reusable workflows. As long as we also enable actions by GitHub and verified creators, then there are only 2 to vendor

Implementation details

We currently use these:

  • github and actions (GitHub created)
  • octokit, advanced-security, docker (verified creators)
  • DataDog/system-tests/lib-injection/runner@main (would need to add exception)

Additionally, we have

which are vendored in this PR

Test coverage

Yeah... easier said than done. I guess I should try to test these, but it's a real pain...

Other details

Instead of vendoring these, we could just add them to the exceptions list?

andrewlock avatar Nov 07 '23 10:11 andrewlock