semantic-kernel
Fix potential github action smells
Motivation and Context
Description
Hey! 🙂 I want to contribute the following changes to your workflow:
- Use commit hash instead of tags for action versions
- Use fixed version for runs-on argument
- Avoid jobs without timeouts
- Prevent running issue/PR actions on forks
- Steps should only perform a single command
- Use names for run steps
These changes are part of a research study at TU Delft looking at GitHub Action Smells. Find out more
Contribution Checklist
- [ ] The code builds clean without any errors or warnings
- [ ] The PR follows the SK Contribution Guidelines and the pre-submission formatting script raises no violations
- [ ] All unit tests pass, and I have added new tests where possible
- [ ] I didn't break anyone :smile:
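A minimal checker for four of the changes listed in the description above (commit-pinned actions, fixed `runs-on` versions, job timeouts, named run steps), added here as an illustration and not part of the pull request or the repository. The function name `find_smells`, the smell labels, the sample workflow and its placeholder commit hash are all assumptions made for the example.

```python
import re
# Constructed sample workflow, not from the repository; the 40-hex value is a placeholder SHA.
SAMPLE = """\
on: issues
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: echo "labeling"
  pinned:
    runs-on: ubuntu-22.04
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - name: Label
        run: echo "labeling"
"""
PINNED = re.compile(r"@[0-9a-f]{40}$")  # full commit SHA, not a tag or branch

def find_smells(text):
    """Return (job, smell) pairs; assumes block-style YAML with 2-space indent."""
    smells, in_jobs, job, timed, step, col = [], False, None, False, None, 0
    def close(end_job):  # checks that need a whole step / a whole job
        if step and "run" in step and "name" not in step:
            smells.append((job, "unnamed-run-step"))
        if end_job and job and not timed:
            smells.append((job, "no-timeout"))
    for raw in text.splitlines():
        body, indent = raw.split(" #")[0].strip(), len(raw) - len(raw.lstrip())
        if not body or body.startswith("#") or (indent and not in_jobs):
            continue
        if indent == 0 or (indent == 2 and body.endswith(":")):
            close(True)  # a top-level key or a new job id ends the current job
            in_jobs = in_jobs if indent else body == "jobs:"
            job, timed, step = (body[:-1] if indent else None), False, None
            continue
        if body.startswith("- "):  # list item: start of a new step
            close(False)
            step, body, col, indent = set(), body[2:], indent + 2, indent + 2
        key, _, value = (s.strip("'\" ") for s in body.partition(":"))
        if step is not None and indent == col:
            step.add(key)  # only keys of the step itself, not nested `with:` keys
        if key == "uses" and not value.startswith(("./", "docker://")) and not PINNED.search(value):
            smells.append((job, "unpinned-action"))
        if key == "runs-on" and value.endswith("-latest"):
            smells.append((job, "floating-runner"))
        timed = timed or (key == "timeout-minutes" and indent == 4)
    close(True)
    return smells
```

On the constructed sample every finding belongs to the `triage` job; the `pinned` job shows the corrected form of each setting.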
@microsoft-github-policy-service agree
@RogerBarreto Here is a scientific paper and a blog post about potential security risks related to GitHub Actions
Going to close this out because the team has decided that we'll remove both of these actions.