allstar
Feature: require GitHub Actions to be present
Would be great if allstar could verify whether certain GitHub Actions exist and meet a minimum version. Often GitHub Actions contain a set of security screenings to block the PR.
Yes, this is needed. Being able to generically configure an expected action/workflow to be present seems very useful. I believe defining how the config would work and the behavior of the policy will be tricky; help is needed here. For example, you can have multiple workflows in a repo, based on different triggers, and they may block/allow different things. I assume we would want to ensure a specific action is a part of a workflow that blocks something specific (PR merge, etc.).
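Added example, not part of the thread and not Allstar code: a sketch of the check discussed above, confirming that a required action is referenced in a workflow, at or above a minimum version, and that the workflow runs on the event it is meant to gate. The action names, result strings and the regex-based scan (instead of a full YAML parser) are assumptions made for illustration.

```python
import re

# Constructed sample workflow; action names, versions and the SHA are illustrative.
SAMPLE_WORKFLOW = """\
name: security
on:
  pull_request:
    branches: [main]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/security-scan@v2.3.1
      - uses: example-org/lint@0123456789abcdef0123456789abcdef01234567
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+/[\w./-]+)@([\w.-]+)", re.M)
ON_BLOCK_RE = re.compile(r"^['\"]?on['\"]?:(.*?)(?=^\S|\Z)", re.M | re.S)
VERSION_RE = re.compile(r"^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?$")

def parse_version(ref):
    """Return (major, minor, patch) for tags like v2 or 2.3.1, else None (SHA, branch)."""
    m = VERSION_RE.match(ref)
    return tuple(int(p or 0) for p in m.groups()) if m else None

def triggers_on(workflow_text, event):
    """True if `event` appears as a whole name in the top-level `on:` block."""
    m = ON_BLOCK_RE.search(workflow_text)
    return bool(m and re.search(rf"(?<![\w-]){re.escape(event)}(?![\w-])", m.group(1)))

def check_required_action(workflow_text, action, min_version, event="pull_request"):
    """Return 'pass', 'too_old', 'unverifiable_ref', 'wrong_trigger' or 'missing'."""
    refs = [ref for name, ref in USES_RE.findall(workflow_text) if name == action]
    if not refs:
        return "missing"
    if not triggers_on(workflow_text, event):
        return "wrong_trigger"
    versions = [parse_version(r) for r in refs]
    if None in versions:
        # A commit SHA or branch name cannot be ordered against a minimum version.
        return "unverifiable_ref"
    if min(versions) < parse_version(min_version):
        return "too_old"
    return "pass"
```

A workflow that passes this check still only blocks a merge if its job is a required status check in branch protection, which is outside what the workflow file shows.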