Skip to content

chore: actions security updates#2109

Merged
taddes merged 7 commits intomasterfrom
chore/actions-security-policy-updates-STOR-502
Mar 12, 2026
Merged

chore: actions security updates#2109
taddes merged 7 commits intomasterfrom
chore/actions-security-policy-updates-STOR-502

Conversation

@taddes
Copy link
Collaborator

@taddes taddes commented Mar 10, 2026
edited by atlassian bot
Loading

Description

A number of updates to secure our GitHub actions were required after a recent audit. This includes best practices set out by our security team.

Issue(s)

Closes STOR-502.

@taddes taddes self-assigned this Mar 10, 2026
@taddes taddes marked this pull request as draft March 10, 2026 22:25
@taddes taddes force-pushed the chore/actions-security-policy-updates-STOR-502 branch from 9d149a2 to ef931ae Compare March 11, 2026 15:41
@taddes taddes marked this pull request as ready for review March 11, 2026 15:41
@taddes taddes requested a review from fkiriakos-ghsm March 11, 2026 15:49
fkiriakos07
fkiriakos07 reviewed Mar 11, 2026
View reviewed changes
.github/workflows/glean-probe-scraper.yml Outdated
permissions:
contents: read
checks: write
uses: mozilla/probe-scraper/.github/workflows/glean.yaml@main
Copy link
Contributor

@fkiriakos07 fkiriakos07 Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it would be a good idea to pin this action to a hash but it's not urgent, I didn't update the hash for it so I don't break any workflows

Copy link
Collaborator Author

@taddes taddes Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! I added that, appreciated you pointing it out!

@taddes taddes force-pushed the chore/actions-security-policy-updates-STOR-502 branch from de70207 to 63b5b92 Compare March 11, 2026 20:38
@taddes taddes requested review from chenba and pjenvey March 11, 2026 20:38
chenba
chenba reviewed Mar 11, 2026
View reviewed changes
.github/dependabot.yml Outdated
- "/tools/tokenserver/loadtests"
schedule:
interval: "weekly"
timezone: UCT
Copy link
Collaborator

@chenba chenba Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
timezone: UCT
timezone: UTC

Copy link
Collaborator Author

@taddes taddes Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My bad, thanks for catching the typo.

.github/dependabot.yml Outdated
directory: "/"
schedule:
interval: "weekly"
timezone: UCT
Copy link
Collaborator

@chenba chenba Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
timezone: UCT
timezone: UTC

@taddes taddes requested a review from chenba March 11, 2026 22:13
chenba
chenba approved these changes Mar 12, 2026
View reviewed changes
Copy link
Collaborator

@chenba chenba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't have access to the doc linked from the issue, but the PR seem reasonable enough

@taddes
Copy link
Collaborator Author

taddes commented Mar 12, 2026

I don't have access to the doc linked from the issue, but the PR seem reasonable enough

I'll ask for access so you can see the doc 👍

@chenba
Copy link
Collaborator

chenba commented Mar 12, 2026

I'll ask for access so you can see the doc 👍

Thanks, but no need, I got access this morning.

@taddes taddes merged commit f2e6cf5 into master Mar 12, 2026
29 checks passed
@taddes taddes deleted the chore/actions-security-policy-updates-STOR-502 branch March 12, 2026 15:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chenba chenba chenba approved these changes

@fkiriakos-ghsm fkiriakos-ghsm Awaiting requested review from fkiriakos-ghsm

@pjenvey pjenvey Awaiting requested review from pjenvey

+1 more reviewer

@fkiriakos07 fkiriakos07 fkiriakos07 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@taddes taddes

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@taddes @chenba @fkiriakos07