<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Third-party GitHub Actions - Finecloud</title><meta name="description" content="Today I came across these steps to guide our decision-making process before using a third-party GitHub Action:"><meta name="generator" content="Publii Open-Source CMS for Static Site"><link rel="stylesheet" href="https://www.finecloud.ch/media/plugins/syntaxHighlighter/prism-black.css"><link rel="canonical" href="https://www.finecloud.ch/third-party-github-actions.html"><link rel="alternate" type="application/atom+xml" href="https://www.finecloud.ch/feed.xml"><link rel="alternate" type="application/json" href="https://www.finecloud.ch/feed.json"><meta property="og:title" content="Third-party GitHub Actions"><meta property="og:site_name" content="Finecloud"><meta property="og:description" content="Today I came across these steps to guide our decision-making process before using a third-party GitHub Action:"><meta property="og:url" content="https://www.finecloud.ch/third-party-github-actions.html"><meta property="og:type" content="article"><link rel="shortcut icon" href="https://www.finecloud.ch/media/website/finecloud.png" type="image/png"><link rel="stylesheet" href="https://www.finecloud.ch/assets/css/style.css?v=39da73365516a098a9b73b721fc970e2"><script type="application/ld+json">{"@context":"http://schema.org","@type":"Article","mainEntityOfPage":{"@type":"WebPage","@id":"https://www.finecloud.ch/third-party-github-actions.html"},"headline":"Third-party GitHub Actions","datePublished":"2024-04-08T20:50","dateModified":"2024-04-08T20:50","description":"Today I came across these steps to guide our decision-making process before using a third-party GitHub Action:","author":{"@type":"Person","name":"Finecloud","url":"https://www.finecloud.ch/authors/finecloud/"},"publisher":{"@type":"Organization","name":"Finecloud"}}</script><meta name="google-site-verification" content="seFY9U12uiEq5U3_MyZiX6XWzk0AVFl9zITr2ZKsytY"></head><body><div class="site-container"><header class="top" id="js-header"><a class="logo" href="https://www.finecloud.ch/">Finecloud</a><nav class="navbar js-navbar"><button class="navbar__toggle js-toggle" aria-label="Menu" aria-haspopup="true" aria-expanded="false"><span class="navbar__toggle-box"><span class="navbar__toggle-inner">Menu</span></span></button><ul class="navbar__menu"><li><a href="https://www.finecloud.ch/" target="_self">Blog</a></li><li><a href="https://www.finecloud.ch/tags/" target="_self">Tags</a></li></ul></nav><div class="search"><div class="search__overlay js-search-overlay"><div class="search__overlay-inner"><form action="https://www.finecloud.ch/search.html" class="search__form"><input class="search__input js-search-input" type="search" name="q" placeholder="search..." aria-label="search..." autofocus="autofocus"></form><button class="search__close js-search-close" aria-label="Close">Close</button></div></div><button class="search__btn js-search-btn" aria-label="Search"><svg role="presentation" focusable="false"><use xlink:href="https://www.finecloud.ch/assets/svg/svg-map.svg#search"/></svg></button></div></header>
<main><article class="post"><div class="hero"><figure class="hero__image hero__image--overlay"><img src="https://www.finecloud.ch/media/website/download.jpg" srcset="https://www.finecloud.ch/media/website/responsive/download-xs.jpg 300w, https://www.finecloud.ch/media/website/responsive/download-sm.jpg 480w, https://www.finecloud.ch/media/website/responsive/download-md.jpg 768w, https://www.finecloud.ch/media/website/responsive/download-lg.jpg 1024w, https://www.finecloud.ch/media/website/responsive/download-xl.jpg 1360w, https://www.finecloud.ch/media/website/responsive/download-2xl.jpg 1600w" sizes="100vw" loading="eager" alt=""></figure><header class="hero__content"><div class="wrapper"><div class="post__meta"><time datetime="2024-04-08T20:50">April 8, 2024</time></div><h1>Third-party GitHub Actions</h1></div></header></div>
<div class="wrapper post__entry"><p>Today I came across these steps to guide our decision-making process before using a third-party GitHub Action:</p><ol>
<li>For simple tasks, avoid external GitHub Actions: every action you pull in runs inside your job with the workflow's <code>GITHUB_TOKEN</code> and whatever secrets you hand it, so for a one-liner the risk often outweighs the value. Maybe a simple <code>curl</code> in a <code>run:</code> step could do it as well? 😉</li>
<li>Prefer GitHub Actions from Verified Creators, but keep in mind what the badge means: GitHub has verified the identity of the publishing organization as a partner, which makes impersonation harder. It is not a security review of the action's code, so you still need to read what the action does and which permissions it asks for.</li>
<li>Use the latest version of a GitHub Action because it might contain security fixes, but reference it by its full commit SHA (with the version in a trailing comment) rather than by a tag or branch. Tags are mutable, so <code>@v3</code> can be repointed to different code at any time; a 40-character commit SHA cannot.</li>
<li>Think about GitHub Actions like dependencies: they need to be maintained and updated. Dependabot (package ecosystem <code>github-actions</code>) or Renovate can open the update PRs for you and will bump SHA pins as well as tags.</li>
<li>Think about disabling or limiting GitHub Actions for your organization(s) in Settings. Under Actions permissions you can allow only actions owned by the organization, only actions created by GitHub and by verified creators, or an explicit allowlist of <code>owner/repo@ref</code> patterns, so that an unreviewed action cannot run at all.</li>
<li>Have a PR process with multiple reviewers to avoid adding a malicious GitHub Action. A <code>CODEOWNERS</code> entry for <code>.github/workflows/</code> together with branch protection ensures that every workflow change needs sign-off from the team that owns CI.</li>
</ol></div>
<footer class="wrapper post__footer"><p class="post__last-updated">This article was updated on April 8, 2024</p><ul class="post__tag"><li><a href="https://www.finecloud.ch/tags/github/">github</a></li><li><a href="https://www.finecloud.ch/tags/security/">security</a></li></ul><div class="post__share"></div></footer></article><nav class="post__nav"><div class="post__nav-inner"><div class="post__nav-prev"><svg width="1.041em" height="0.416em" aria-hidden="true"><use xlink:href="https://www.finecloud.ch/assets/svg/svg-map.svg#arrow-prev"/></svg> <a href="https://www.finecloud.ch/github-codespace.html" class="post__nav-link" rel="prev"><span>Previous</span> GitHub Codespace</a></div><div class="post__nav-next"><a href="https://www.finecloud.ch/github-classic-vs-fine-grained-personal-access-tokens.html" class="post__nav-link" rel="next"><span>Next</span> GitHub classic vs. fine-grained Personal Access Tokens </a><svg width="1.041em" height="0.416em" aria-hidden="true"><use xlink:href="https://www.finecloud.ch/assets/svg/svg-map.svg#arrow-next"/></svg></div></div></nav><div class="post__related related"><div class="wrapper"><h2 class="h5 related__title">You should also read:</h2><article class="related__item"><div class="feed__meta"><time datetime="2024-07-31T17:32" class="feed__date">July 31, 2024</time></div><h3 class="h1"><a href="https://www.finecloud.ch/github-classic-vs-fine-grained-personal-access-tokens.html">GitHub classic vs. fine-grained Personal Access Tokens</a></h3></article><article class="related__item"><div class="feed__meta"><time datetime="2024-04-05T21:02" class="feed__date">April 5, 2024</time></div><h3 class="h1"><a href="https://www.finecloud.ch/github-codespace.html">GitHub Codespace</a></h3></article></div></div></main><footer class="footer"><div class="footer__copyright"><p>Powered by Publii</p></div><button onclick="backToTopFunction()" id="backToTop" class="footer__bttop" aria-label="Back to top" title="Back to top"><svg><use xlink:href="https://www.finecloud.ch/assets/svg/svg-map.svg#toparrow"/></svg></button></footer></div><script>window.publiiThemeMenuConfig = {
mobileMenuMode: 'sidebar',
animationSpeed: 300,
submenuWidth: 'auto',
doubleClickTime: 500,
mobileMenuExpandableSubmenus: true,
relatedContainerForOverlayMenuSelector: '.top',
};</script><script defer="defer" src="https://www.finecloud.ch/assets/js/scripts.min.js?v=6ca8b60e6534a3888de1205e82df8528"></script><script>var images = document.querySelectorAll('img[loading]');
for (var i = 0; i < images.length; i++) {
if (images[i].complete) {
images[i].classList.add('is-loaded');
} else {
images[i].addEventListener('load', function () {
this.classList.add('is-loaded');
}, false);
}
}</script><script defer="defer" src="https://www.finecloud.ch/media/plugins/syntaxHighlighter/prism.js"></script></body></html>
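To make the pinning and allowlist advice from the post's list enforceable, here is an added example (not code from the original post, and not a GitHub tool) of a small Python linter that reads a workflow file, skips the repository's own local actions, and flags every remote `uses:` reference that is not pinned to a full commit SHA, plus `docker://` images without a digest. The policy that `actions/*` and `github/*` may be used at a version tag while everything else must be SHA-pinned is an assumption for the example, as are the constructed sample workflow, its placeholder SHAs and the hypothetical `someone/...` action names.

```python
"""Flag third-party GitHub Actions that are not pinned to a commit SHA.

Added example, not code from the original post. The policy below is an
assumption for the example: actions published by the `actions` and `github`
organizations may be referenced by a version tag, every other remote action
must be pinned to a full 40-character commit SHA, and docker:// images must
carry a digest. Adjust TRUSTED_OWNERS to your organization's allowlist.
"""
import re
import sys

# Owners allowed at a mutable tag (assumption; mirrors the "actions created by
# GitHub" checkbox in the organization's Actions settings).
TRUSTED_OWNERS = frozenset({"actions", "github"})

# Matches `uses: value` or `- uses: value`; the value stops at whitespace or a
# `# v4` style comment and may be wrapped in quotes, which are stripped below.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*(?P<value>[^\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_uses(value):
    """Split a `uses:` value into (kind, owner, ref).

    kind is "local" (./path), "docker" (docker://image), "remote"
    (owner/repo[/path]@ref) or "invalid" (remote without an @ref).
    """
    if value.startswith("./"):
        return ("local", None, None)
    if value.startswith("docker://"):
        return ("docker", None, value[len("docker://"):])
    if "@" not in value:
        return ("invalid", None, None)
    path, ref = value.rsplit("@", 1)
    return ("remote", path.split("/", 1)[0], ref)


def find_unpinned_uses(workflow_text, trusted_owners=TRUSTED_OWNERS):
    """Return [(line_no, uses_value, reason)] for every risky `uses:` line."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        value = match.group("value").strip("'\"")
        kind, owner, ref = classify_uses(value)
        if kind == "local":
            continue  # the repository's own code, reviewed like the rest of it
        if kind == "docker":
            if "@sha256:" not in ref:
                findings.append((line_no, value, "docker image has no digest"))
            continue
        if kind == "invalid":
            findings.append((line_no, value, "remote action without @ref"))
            continue
        if SHA_RE.match(ref):
            continue  # full commit SHA: immutable, nothing to flag
        if owner in trusted_owners:
            continue  # trusted owner at a tag: accepted by policy (assumption)
        findings.append((line_no, value, f"third-party action at mutable ref '{ref}'"))
    return findings


# Constructed sample workflow; the SHAs are placeholders, not real commits.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
permissions:
  contents: read          # least-privilege GITHUB_TOKEN for every job
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # v4.0.1
      - uses: someone/third-party-action@v2
      - uses: 'someone/other-action@main'
      - uses: someone/pinned-action@89abcdef0123456789abcdef0123456789abcdef  # v1.2.3
      - uses: ./.github/actions/local-helper
      - uses: docker://alpine:3.19
      - name: a curl in a run step instead of yet another action
        run: curl -fsSL https://example.invalid/status
"""


def main(argv):
    """Lint the workflow files named on the command line, or the sample."""
    if len(argv) > 1:
        sources = []
        for path in argv[1:]:
            with open(path, encoding="utf-8") as fh:
                sources.append((path, fh.read()))
    else:
        sources = [("<sample>", SAMPLE_WORKFLOW)]
    exit_code = 0
    for name, text in sources:
        for line_no, value, reason in find_unpinned_uses(text):
            print(f"{name}:{line_no}: {value}: {reason}")
            exit_code = 1  # non-zero so a CI job running the linter fails
    return exit_code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python lint_uses.py .github/workflows/*.yml` in a CI job of its own; on the sample it reports lines 11, 12 and 15 and exits non-zero, while the SHA-pinned third-party action and the tagged `actions/*` steps pass. The regex deliberately works line by line rather than through a YAML parser so the tool has no dependencies of its own, which is the same "fewer moving parts" argument the post makes for a plain `curl` over yet another action.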