Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update resource types to use hardened images #4383

Merged
merged 1 commit into from
Feb 16, 2024
Merged

Update resource types to use hardened images #4383

merged 1 commit into from
Feb 16, 2024

Conversation

svenaas
Copy link
Contributor

@svenaas svenaas commented Feb 12, 2024
edited by apburnes
Loading

Fixes #4384

Changes proposed in this pull request:

  • Update pipelines to use our current hardened images
  • Clean up on hook notifications

security considerations

Replace CI resource types with hardened image

@svenaas svenaas requested a review from a team February 12, 2024 17:22
apburnes
apburnes previously requested changes Feb 16, 2024
View reviewed changes
Copy link
Contributor

@apburnes apburnes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Make sure to also add the hardened git resource for the staging and production pipelines.

@svenaas
Copy link
Contributor Author

svenaas commented Feb 16, 2024

@apburnes Thanks for that review — that was a specific detail I was unsure of. I believe I've addressed all of the pr-((git-branch)) instances that needed to be removed.

@svenaas
Copy link
Contributor Author

svenaas commented Feb 16, 2024

@apburnes Thanks for that review — that was a specific detail I was unsure of. I believe I've addressed all of the pr-((git-branch)) instances that needed to be removed.

(There are more in the dev pipeline, but in a PR context, I believe.)

@svenaas
Copy link
Contributor Author

svenaas commented Feb 16, 2024

Make sure to also add the hardened git resource for the staging and production pipelines.

Not sure which one you mean. cogito is removed and github-pr-resource is added in those pipelines. Do we need git-resource also?

@svenaas
Copy link
Contributor Author

svenaas commented Feb 16, 2024

I think I've addressed every comment except for the following, about which my open question is below:

Make sure to also add the hardened git resource for the staging and production pipelines.

Not sure which one you mean. cogito is removed and github-pr-resource is added in those pipelines. Do we need git-resource also?

@apburnes apburnes force-pushed the update-resources branch 3 times, most recently from ca9421f to 5590c02 Compare February 16, 2024 21:09
@svenaas
Copy link
Contributor Author

svenaas commented Feb 16, 2024

Thanks for swinging in on this!

@svenaas
Copy link
Contributor Author

svenaas commented Feb 16, 2024

Noticing I didn't include "(#4384)" in the original commit message, but maybe we can let that be.

@svenaas
Copy link
Contributor Author

svenaas commented Feb 16, 2024

Noticing I didn't include "(#4384)" in the original commit message

That would be because this PR is #4383 and I would have had to time travel. Which git rebase -i allows...

@apburnes apburnes requested review from drewbo and apburnes and removed request for apburnes February 16, 2024 21:59
@apburnes apburnes merged commit 3247e99 into main Feb 16, 2024
8 checks passed
@apburnes apburnes deleted the update-resources branch February 16, 2024 22:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@drewbo drewbo drewbo approved these changes

@apburnes apburnes apburnes left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Replace docker resource types with hardened images for pipelines (core)
3 participants
@svenaas @apburnes @drewbo