kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-04 09:25:46 +03:00
Code Issues Packages Projects Releases Wiki Activity
25,773 Commits 1 Branch 0 Tags
e1333eb9f622c10db2ff20eeddfd7abafff8a8d4
Commit Graph

4 Commits

Author SHA1 Message Date
Tim Gross
b17c0f7ff9 GHA pinning updates (#18093) 
Trusted Supply Chain Component Registry (TSCCR) enforcement starts Monday and an
internal report shows our semgrep action is pinned to a version that's not
currently permitted. Update all the action versions to whatever's the new
hotness to maximum the time-to-live on these until we have automated pinning
setup.

Also version bumps our chromedriver action, which randomly broke upstream today.
 2023-07-28 11:49:57 -04:00
hc-github-team-es-release-engineering
e41b99b6d3 ci: finish migration from CCI to GHA (#17103) 
namely, these workflows:
  test-e2e, test-ui, and test-windows

extra-curricularly, as part of the overall
migration effort company-wide, this also includes
some standardization such as:
 * explicit permissions:read on various workflows
 * pinned action version shas (per https://github.com/hashicorp/security-public-tsccr)
 * actionlint, which among other things runs
   shellcheck on GHA run steps

Co-authored-by: emilymianeil <eneil@hashicorp.com>
Co-authored-by: Daniel Kimsey <daniel.kimsey@hashicorp.com>
 2023-06-02 14:35:55 -05:00
hashicorp-tsccr[bot]
1b7668c17f build: trusted workflow pinning (#16992) 
Co-authored-by: Tim Gross <tgross@hashicorp.com>
 2023-05-17 10:38:10 -04:00
Tim Gross
a1c4c8b0f7 lock closed issues and PRs after 120 days (#14824) 
When community members comment on long-closed issues, there's a number of
failure modes that make for a bad experience for them:

* Their comments are often missed entirely because notification settings make it
  impractical for most developers to read comments on inactive issues.

* In our experience, the problem is only rarely a regression; because failures
  are complex, totally different code paths can result in symptoms that initially
  appear to be the same but turn out to be completely different under close
  examination. This is particularly the case for issues fixed in very old
  versions (sometimes 2 or more years old).

The Terraform core team uses a bot that locks issues after only 30 days. But
because we typically close issues automatically on PR merge but don't have
rolling releases, it'd frequently happen that unrelease fixes will have locked
comments, which isn't a good experience either. I've looked through the pace of
releases since Nomad 0.9.0 and the longest window between releases was 3
months. Set the window for the lock bot to 120 days to give us plenty of
breathing room so it doesn't feel like we're shutting down discussion
prematurely.
 2022-10-06 16:18:00 -04:00