Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(security): Add provenance #671

Merged
merged 1 commit into from
Apr 3, 2024
Merged

feat(security): Add provenance #671

merged 1 commit into from
Apr 3, 2024

Conversation

AaronDewes
Copy link
Contributor

This help increase trust in the builds on NPM by showing they were indeed generated from the same source code as this repository contains.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Apr 3, 2024

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

@wolfy1339 wolfy1339 added the Type: Maintenance Any dependency, housekeeping, and clean up Issue or PR label Apr 3, 2024
@wolfy1339
Copy link
Member

I think it would be wise to backport this for 5.x releases as well, as that is what is used be Probot

@wolfy1339 wolfy1339 merged commit 1c2bd25 into octokit:main Apr 3, 2024
9 checks passed
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Apr 3, 2024

🎉 This PR is included in version 6.1.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@AaronDewes
Copy link
Contributor Author

I think it would be wise to backport this for 5.x releases as well, as that is what is used be Probot

I don't think that's necessary, provenance is not that important, and hopefully, we'll be able to update Probot soon.

wolfy1339 pushed a commit that referenced this pull request Apr 5, 2024
@AaronDewes @wolfy1339
feat(security): Add provenance (#671)
0e2915b
This was referenced May 22, 2024
Open
Open
@q1blue q1blue mentioned this pull request Jun 17, 2024
Open
@AaronDewes AaronDewes deleted the provenance branch July 11, 2024 22:10
@snyk-io snyk-io bot mentioned this pull request Jul 16, 2024
Open
This was referenced Jul 18, 2024
Open
Open
@AliceSof AliceSof mentioned this pull request Aug 6, 2024
Open
@WontonSam WontonSam mentioned this pull request Sep 8, 2024
Open
@q1blue q1blue mentioned this pull request Sep 8, 2024
Open
@AliceSof AliceSof mentioned this pull request Sep 11, 2024
Open
@q1blue q1blue mentioned this pull request Sep 13, 2024
Open
This was referenced Sep 16, 2024
Open
Open
@q1blue q1blue mentioned this pull request Sep 20, 2024
Open
@WontonSam WontonSam mentioned this pull request Sep 21, 2024
Open
@q1blue q1blue mentioned this pull request Sep 22, 2024
Open
@WontonSam WontonSam mentioned this pull request Sep 23, 2024
Open
@AliceSof AliceSof mentioned this pull request Sep 25, 2024
Open
@WontonSam WontonSam mentioned this pull request Sep 27, 2024
Open
@WontonSam WontonSam mentioned this pull request Sep 28, 2024
Open
@WontonSam WontonSam mentioned this pull request Oct 6, 2024
Open
@security123team security123team mentioned this pull request Oct 21, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wolfy1339 wolfy1339 wolfy1339 approved these changes

Assignees
No one assigned
Labels
released Type: Maintenance Any dependency, housekeeping, and clean up Issue or PR
Projects
🧰 Octokit Active
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AaronDewes @wolfy1339