mirror of
https://github.com/kdave/btrfs-progs
synced 2025-04-25 04:27:54 +00:00
btrfs-progs: ci: update version of tj-actions/changed-files
There was an attack on the changed-files action [1] that is used in the devel workflow, started only after the branch devel is pushed, currently possible only by 2 people. There was one run of GH actions that used the compromised version and only the temporary github tokens (github_token, system.github.token, with the "ghs_" prefix) were visible in the logs. Their lifetime is said to be 24 hours. No other tokens or secrets were affected.

As recommended, bump the version to v46. We may reimplement the action eventually as it's quite simple for our needs.

[1] https://www.ox.security/15-hours-of-open-sourced-hell-lessons-learned-from-tj-actions-changed-files/

Signed-off-by: David Sterba <dsterba@suse.com>
parent 8f9e86e2a1
commit 17b49b9dbd
2
.github/workflows/devel.yml
vendored
@ -21,7 +21,7 @@ jobs:
- uses: actions/checkout@v4
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v44
uses: tj-actions/changed-files@v46
- run: sudo modprobe btrfs
- run: sudo apt-get update -qqq
- run: sudo apt-get install -y pkg-config gcc liblzo2-dev libzstd-dev libblkid-dev uuid-dev zlib1g-dev libext2fs-dev e2fsprogs libudev-dev python3-sphinx sphinx-rtd-theme-common python3-sphinx-rtd-theme
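Review bot: the new `uses: tj-actions/changed-files@v46` line still references the action by a movable tag, the same kind of reference as the `@v44` it replaces, so a retagged release would be picked up by the next devel run with no change in this repository. Pin it to the full commit SHA of the v46 release and keep the tag as a trailing comment, e.g. `uses: tj-actions/changed-files@<full-commit-sha-of-v46> # v46` (placeholder, not a real hash); `actions/checkout@v4` in the same job could be pinned the same way.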