mirrors/scylladb
1
0
Fork 0
mirror of https://github.com/scylladb/scylladb.git synced 2026-04-20 08:30:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
080e04f686c799a8eebe28a29c2754dcaa54f7eb
scylladb/.github/workflows
History
Yaron Kaikov 080e04f686 ci: harden trigger-scylla-ci workflow against credential leaks and untrusted PRs 
refs: https://github.com/scylladb/scylladb/security/advisories/GHSA-wrqg-xx2q-r3fv

- Remove -v and -i flags from curl to prevent credentials from being
  logged in workflow output
- Move PR_NUMBER and PR_REPO_NAME into the env block with proper quoting
  to prevent shell injection via crafted PR metadata
- Add org membership verification step for pull_request_target events so
  that only PRs from scylladb org members can trigger Jenkins CI

Fixes: https://scylladb.atlassian.net/browse/SCYLLADB-796

Closes scylladb/scylladb#28785

(cherry picked from commit 98494e08eb)

Closes scylladb/scylladb#28809
2026-02-27 11:28:11 +02:00
..
add-label-when-promoted.yaml
Fix label parsing logic in backport check script
2025-09-08 11:42:16 +03:00
backport-pr-fixes-validation.yaml
.github/workflows/backport-pr-fixes-validation: support Atlassian URL format in backport PR fixes validation
2026-01-27 16:05:34 +02:00
build-scylla.yaml
github: use needs.read-toolchain.outputs.image for build-scylla
2024-09-05 12:58:36 +03:00
call_backport_with_jira.yaml
.github/workflows: enable automatic backport PR creation with Jira sub-issue integration
2026-02-26 09:54:38 +02:00
call_jira_status_in_progress.yml
Change pull_request event to pull_request_target - in progress
2025-09-04 12:41:29 +03:00
call_jira_status_in_review.yml
Update workflow to use pull_request_target event - in review
2025-09-04 12:42:52 +03:00
call_jira_status_ready_for_merge.yml
Change pull_request event to pull_request_target - ready for merge
2025-09-04 12:47:25 +03:00
check-license-header.yaml
.github: grant write permissions for PR comments in license check workflow
2025-02-07 16:09:42 +08:00
clang-nightly.yaml
github: use clang-21 in clang-nightly workflow
2025-02-05 14:58:35 +03:00
clang-tidy.yaml
github: Skip clang-tidy when not explicitly requested
2025-02-27 13:28:35 +03:00
codespell.yaml
treewide: drop thrift support
2024-06-07 06:44:59 +08:00
conflict_reminder.yaml
./github/workflows/conflict_reminder: improve workflow with weekly notifications
2025-07-22 15:21:12 +03:00
differential-shellcheck.yaml
.github: Add differential-shellcheck workflow for shell script analysis
2024-12-04 13:34:53 +02:00
docs-pages.yaml
docs: update theme 1.7
2024-04-16 13:48:11 +02:00
docs-pr.yaml
docs: run docs test on changing config params
2024-09-01 22:15:48 +03:00
iwyu.yaml
github: improve seastar bad include check
2025-03-30 11:56:18 +03:00
make-pr-ready-for-review.yaml
.github: Make "make-pr-ready-for-review" workflow run in base repo
2025-04-08 09:30:18 +03:00
pr-require-backport-label.yaml
.github: add delay before checking for required PR labels
2025-04-02 19:28:15 +03:00
read-toolchain.yaml
github: always use the tools/toolchain/image for lint workflows
2024-07-10 23:45:35 +03:00
reproducible-build.yaml
github: disable scheduled workflow on forks
2024-07-15 19:19:28 +08:00
seastar.yaml
.github: use the toolchain specified by tools/toolchain/image
2025-01-14 07:56:38 -05:00
sync-labels.yaml
github: Enhance label sync to support P0/P1 priority labels
2025-08-22 06:50:13 +03:00
trigger_jenkins.yaml
.github: Update github action for triggering next gating
2025-03-10 14:38:08 +02:00
trigger-scylla-ci.yaml
ci: harden trigger-scylla-ci workflow against credential leaks and untrusted PRs
2026-02-27 11:28:11 +02:00
urgent_issue_reminder.yml
Update urgent_issue_reminder.yml - run daily
2025-09-25 11:05:51 +03:00