rust/neon
1
0
Fork 0
mirror of https://github.com/neondatabase/neon.git synced 2026-01-14 17:02:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
problame/hack/io-uring-attach-wq
neon/.github/workflows
History
StepSecurity Bot 902d361107 CI/CD Hardening: Fixing StepSecurity Flagged Issues (#11724) 
### Summary
I'm fixing one or more of the following CI/CD misconfigurations to
improve security. Please feel free to leave a comment if you think the
current permissions for the GITHUB_TOKEN should not be restricted so I
can take a note of it as accepted behaviour.

- Restrict permissions for GITHUB_TOKEN
- Add step-security/harden-runner
- Pin Actions to a full length commit SHA

### Security Fixes
will fix https://github.com/neondatabase/cloud/issues/26141
2025-04-25 14:36:45 +00:00
..
_benchmarking_preparation.yml
fix(ci): Fixing StepSecurity Flagged Issues (#11311)
2025-03-19 16:44:22 +00:00
_build-and-test-locally.yml
feat: Direct IO for the pageserver write path (#11558)
2025-04-24 14:57:36 +00:00
_check-codestyle-python.yml
impr(ci): use hetzner buckets for cache (#11364)
2025-03-27 11:11:45 +00:00
_check-codestyle-rust.yml
impr(ci): use hetzner buckets for cache (#11364)
2025-03-27 11:11:45 +00:00
_create-release-pr.yml
CI(release): add time to RC PR branch names (#11547)
2025-04-15 15:08:05 +00:00
_meta.yml
fix(ci): make regex to find rc branches less strict (#11646)
2025-04-18 16:39:18 +00:00
_push-to-container-registry.yml
impr(ci): send clearer notifications to slack when retrying container image pushes (#11447)
2025-04-04 14:56:41 +00:00
actionlint.yml
fix(ci): Fixing StepSecurity Flagged Issues (#11311)
2025-03-19 16:44:22 +00:00
approved-for-ci-run.yml
fix(ci): Fixing StepSecurity Flagged Issues (#11311)
2025-03-19 16:44:22 +00:00
benchmarking.yml
fix(ci): Fixing StepSecurity Flagged Issues (#11311)
2025-03-19 16:44:22 +00:00
build_and_test_with_sanitizers.yml
fix(ci): Fixing StepSecurity Flagged Issues (#11311)
2025-03-19 16:44:22 +00:00
build_and_test.yml
feat: Direct IO for the pageserver write path (#11558)
2025-04-24 14:57:36 +00:00
build-build-tools-image.yml
fix(ci): Fixing StepSecurity Flagged Issues (#11311)
2025-03-19 16:44:22 +00:00
build-macos.yml
CI(check-macos-build): use gh native cache (#11707)
2025-04-25 09:18:20 +00:00
cargo-deny.yml
fix(ci): Fixing StepSecurity Flagged Issues (#11311)
2025-03-19 16:44:22 +00:00
check-permissions.yml
CI/CD Hardening: Fixing StepSecurity Flagged Issues (#11724)
2025-04-25 14:36:45 +00:00
cleanup-caches-by-a-branch.yml
CI/CD Hardening: Fixing StepSecurity Flagged Issues (#11724)
2025-04-25 14:36:45 +00:00
cloud-regress.yml
fix(ci): Fixing StepSecurity Flagged Issues (#11311)
2025-03-19 16:44:22 +00:00
fast-forward.yml
CI/CD Hardening: Fixing StepSecurity Flagged Issues (#11724)
2025-04-25 14:36:45 +00:00
force-test-extensions-upgrade.yml
Increase the timeout for extensions upgrade tests (on schedule). (#11406)
2025-04-02 11:18:37 +00:00
ingest_benchmark.yml
fix(ci): Fixing StepSecurity Flagged Issues (#11311)
2025-03-19 16:44:22 +00:00
label-for-external-users.yml
CI/CD Hardening: Fixing StepSecurity Flagged Issues (#11724)
2025-04-25 14:36:45 +00:00
large_oltp_benchmark.yml
fix(ci): Fixing StepSecurity Flagged Issues (#11311)
2025-03-19 16:44:22 +00:00
lint-release-pr.yml
fix(ci): Fixing StepSecurity Flagged Issues (#11311)
2025-03-19 16:44:22 +00:00
neon_extra_builds.yml
fix(ci): Fixing StepSecurity Flagged Issues (#11311)
2025-03-19 16:44:22 +00:00
periodic_pagebench.yml
fix(ci): Fixing StepSecurity Flagged Issues (#11311)
2025-03-19 16:44:22 +00:00
pg-clients.yml
CI(pg-clients): fix workflow permissions (#11623)
2025-04-17 08:54:23 +00:00
pin-build-tools-image.yml
CI/CD Hardening: Fixing StepSecurity Flagged Issues (#11724)
2025-04-25 14:36:45 +00:00
pre-merge-checks.yml
fix(ci): Fixing StepSecurity Flagged Issues (#11311)
2025-03-19 16:44:22 +00:00
random-ops-test.yml
random operations test (#10986)
2025-04-17 19:59:35 +00:00
regenerate-pg-setting.yml
fix(ci): Fixing StepSecurity Flagged Issues (#11311)
2025-03-19 16:44:22 +00:00
release-notify.yml
fix(ci): Fixing StepSecurity Flagged Issues (#11311)
2025-03-19 16:44:22 +00:00
release.yml
proxy: Move release PR creation to Tuesday (#11306)
2025-03-19 16:45:29 +00:00
report-workflow-stats-batch.yml
chore(ci): upgrade stats action with docker images from ghcr.io (#11378)
2025-03-31 14:21:07 +00:00
trigger-e2e-tests.yml
CI/CD Hardening: Fixing StepSecurity Flagged Issues (#11724)
2025-04-25 14:36:45 +00:00