docs: authoring CI workflows for trestle-bot section in contributing guide #374

Merged
14 changes: 13 additions & 1 deletion CONTRIBUTING.md
@@ -18,6 +18,7 @@ Before you start contributing, please take a moment to read through the guide be
- [Documentation](#documentation)
- [Architecture Decisions](#architecture-decisions)
- [Update the `actions` files](#update-the-actions-files)
- [Authoring CI Workflows](#authoring-ci-workflows)
- [License Text in Files](#license-text-in-files)
- [Tools](#tools)
- [Format and Styling](#format-and-styling)
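Review bot: the new table-of-contents entry `- [Authoring CI Workflows](#authoring-ci-workflows)` is listed at the same level as `- [Update the `actions` files]` and `- [License Text in Files]`, which are `###` headings, but the section it links to is introduced with a `####` heading in the second hunk. Either indent the entry as a subsection of the `actions` files item or promote the heading to `###` so the TOC and the document body agree; the anchor itself resolves either way, but the rendered nesting will look inconsistent.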
@@ -97,7 +98,18 @@ Each `README.md` under the `actions` directory have an Actions Inputs and Action
make update-action-readmes
```

### License Text in Files
#### Authoring CI Workflows

The CI workflows for trestle-bot leverage third party actions pinned to a hash value which is updated by `dependabot.yml`. The purpose of pinning actions to a full length commit SHA is to ensure that action repository privileges are secure. Actions that are pinned to full length commit SHAs act as immutable releases which allow for distinction between versions and an accurate history log. When selecting a commit SHA to include, the SHA value that is associated with the version of the action should be chosen from the associated action's repository. Dependabot checks for the action's reference against the latest version ensuring a secure and consistent approach to managing dependencies and version updating.

To generate a pin for a third party action, there should be a full length commit SHA associated with the version of the action being referenced. The pin used is the full length SHA, tag, or branch that dependabot will reference when updating dependencies and bumping versions.

- The syntax for a specified action is: `OWNER/REPOSITORY@TAG-OR-SHA`.
- The syntax for a specified reusable workflow is: `OWNER/REPOSITORY/PATH/FILENAME@TAG-OR-SHA`.

This approach is used for authoring CI workflows that utilize versioned actions to produce frequent updates from dependabot for python and GitHub Actions.

### License Text in Files

Please use the SPDX license identifier in all source files.

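Review bot: the rationale given in the first paragraph, "to ensure that action repository privileges are secure", does not describe what SHA pinning does, and the second paragraph then undercuts the requirement by saying "The pin used is the full length SHA, tag, or branch". A full-length commit SHA is the only reference of the three that cannot be moved after the fact: a tag or branch can be re-pointed at different code by whoever controls the action repository, so a workflow that pins to `@v4` will silently run whatever that tag points to on the next run, while `@<40-char sha>` always resolves to the same content. Suggest stating that directly, dropping "tag, or branch" from the list of acceptable pins, and showing the form the rest of the paragraph implies, e.g. `uses: OWNER/REPOSITORY@<full-length-sha> # vX.Y.Z`, so the human-readable version is kept in a trailing comment that Dependabot updates together with the SHA. The last sentence ("produce frequent updates from dependabot for python and GitHub Actions") reads as if frequent updates were the goal; the goal is that Dependabot can keep the pinned SHAs current, and the Python ecosystem is unrelated to how action references are written.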