Comments (9)
Strong +1 from me! Removing external dependencies in favor of `gh` invocations will improve our CI/CD's security profile (and will decrease the number of hops needed when a workflow regresses or breaks).
from brew.
> What actions do you have in mind?

Mainly the ones that are simple and/or are attached to a single user rather than a reputable organisation e.g. github/actions/ruby/etc.
Looking at the list of approved ones, the ones that probably should be investigated for replacing are:
- dessant/lock-threads@*
- peter-evans/*
- reitermarkus/*

and removing:
- Vampire/setup-wsl@*
from brew.
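The audit described in the comment above can be scripted. This is an added example, not code from the thread or from Homebrew: it lists `uses:` references whose owner is outside a trusted set. The trusted set (github, actions and ruby from the comment, plus Homebrew as an assumption), the function name, and the sample workflow with its version tags are constructed for illustration.

```python
import re

# Owners the thread names as reputable organisations (github, actions, ruby).
# "homebrew" is an assumption added here: the project trusting its own actions.
TRUSTED_OWNERS = {"github", "actions", "ruby", "homebrew"}

# Matches `uses: owner/repo[/path]@ref`. Local (./...) and docker:// references
# carry no owner/repo@ref form and therefore do not match.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+)/([\w.-]+)(?:/[^@\s'\"]*)?@([^\s'\"#]+)"
)


def third_party_actions(workflow_text, trusted=TRUSTED_OWNERS):
    """Return (line_no, 'owner/repo', ref) tuples, in line order, for every
    action reference whose owner is not in the trusted set."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # skip commented-out steps
            continue
        m = USES_RE.match(line)
        if m and m.group(1).lower() not in trusted:
            findings.append((line_no, f"{m.group(1)}/{m.group(2)}", m.group(3)))
    return findings


# Constructed sample workflow (not taken from any Homebrew repository).
SAMPLE_WORKFLOW = """\
name: triage
on: [push]
jobs:
  lock:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dessant/lock-threads@v5
      - name: Set up WSL
        uses: Vampire/setup-wsl@v3
      - uses: ./.github/actions/local
      # - uses: peter-evans/create-pull-request@v6
      - run: gh issue lock "$ISSUE" --repo "$GITHUB_REPOSITORY"
"""

if __name__ == "__main__":
    for line_no, action, ref in third_party_actions(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {action}@{ref} is outside the trusted owners")
```

Each finding is a candidate for replacement with a `run:` step that calls `gh`, or for removal.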
Octokit.js is better for testing over `gh`, but am ok with `gh` to unblock anything.
What actions do you have in mind? We could make a `ruby/setup-ruby` that uses Portable Ruby. Anything else?
from brew.
> Octokit.js is better for testing over `gh`

Ah misread this for writing new actions. In that case yeah if we're just replacing workflow steps then for most of the above `gh` makes sense!
from brew.
> removing: Vampire/setup-wsl@*

This is used in the Homebrew/install for testing the install on a Windows runner. Do we not need that anymore? Or can we hack something together ourselves.
from brew.
We might be able to do something that uses WSL2 (GitHub runners use WSL1 by default, which we technically have dropped support for) now that nested virtualisation is now supported on Windows runners.
from brew.
> Do we not need that anymore? Or can we hack something together ourselves.

Not enough to warrant the security implications.
Either hack it ourselves or, more likely, just not bother testing WSL.
from brew.
I've handled WSL given I've had plenty experience using it and running the various commands: Homebrew/install#859
from brew.
I'd say this is pretty much done now, thanks all.
from brew.