ci security #1618

jchristgit commented Jun 4, 2026
- Set dependency cooldown
- Do not persist credentials from checkout
- Prevent code injection via actions variables
- Pin GitHub actions
❌ Deploy Preview for pydis-static failed.

Hey Joe, can we fast track this?
| echo "pr_source=$(jq -r '.head.label // empty' pull_request_payload.json)" >> $GITHUB_OUTPUT | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| GITHUB_EVENT_WORKFLOW_RUN_ARTIFACTS_URL: ${{ github.event.workflow_run.artifacts_url }} |
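Review bot: the point of the `env:` block at the end of this hunk (the question asked on it deserves an answer in the PR description) is that a `${{ ... }}` expression written directly inside a `run:` script is substituted as text into the script before the shell parses it, so a value such as `github.event.workflow_run.artifacts_url`, which originates in event data rather than in this repository, can contribute shell syntax instead of plain data; the same value read from `$GITHUB_EVENT_WORKFLOW_RUN_ARTIFACTS_URL` reaches the shell as ordinary variable contents. That is what zizmor's template-injection audit flags. Two follow-ups on the visible lines: quote the redirect target as `>> "$GITHUB_OUTPUT"`, and since `pr_source` is derived from `pull_request_payload.json` (a PR-supplied artifact), any later step that consumes that output should also receive it through `env:` rather than inline in a `run:` line.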
How does using an environment variable improve our security posture?
Good morning Mark,
using an environment variable improves our security posture because it cements Python Discord's commitment to the environment. In times of massive energy expenditure by LLMs, it is important for us to make a statement on how we love the environment.
In other words, I have no idea. zizmor suggested it.
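The lint below is an added example written for this thread, not code from the PR or from the pydis site repository. It does the coarse version of what zizmor's template-injection audit reports, which is the real answer to the question above: any `${{ ... }}` expression inside a `run:` script is pasted into the script text before the shell runs it, whereas a value handed over through `env:` reaches the shell as ordinary variable contents. The two workflow fragments it checks are constructed to resemble the step changed in this PR (the `ARTIFACTS_URL` name and the job layout are assumptions), and the lint flags every expression found in a run script without zizmor's finer judgement about which contexts are attacker-controllable.

```shell
#!/bin/sh
# Added example: a small lint that reports `${{ ... }}` expressions interpolated
# directly into `run:` scripts of a GitHub Actions workflow. Expressions that
# sit under `env:` (or any other key) are not reported.

lint_workflow() {
  # $1: workflow file. Prints one line per finding; exit status 1 if any.
  awk '
    function indent(s)  { match(s, /^ */); return RLENGTH }
    function report()   { printf "%s:%d: expression interpolated into run script: %s\n", FILENAME, NR, $0 }
    {
      # Inside a run: block scalar, every more-indented (or blank) line is script text.
      if (inrun) {
        if ($0 ~ /^[ \t]*$/) next
        if (indent($0) > runindent) {
          if (index($0, "${{")) { report(); found++ }
          next
        }
        inrun = 0
      }
      # A run: key starts a script; a trailing | or > means it continues on later lines.
      if ($0 ~ /^[ \t]*(-[ \t]+)?run:/) {
        if (index($0, "${{")) { report(); found++ }
        rest = substr($0, index($0, "run:") + 4)
        sub(/^[ \t]*/, "", rest)
        if (rest ~ /^[|>]/) { inrun = 1; runindent = index($0, "run:") - 1 }
      }
    }
    END { exit (found > 0 ? 1 : 0) }
  ' "$1"
}

write_samples() {
  # Constructed workflow fragments modelled on the step changed in this PR,
  # not the real workflow file. Quoted heredocs keep ${{ }} and $( ) literal.
  UNSAFE_WF=$(mktemp "${TMPDIR:-/tmp}/wf-unsafe.XXXXXX")
  SAFE_WF=$(mktemp "${TMPDIR:-/tmp}/wf-safe.XXXXXX")
  cat >"$UNSAFE_WF" <<'EOF'
jobs:
  comment:
    runs-on: ubuntu-latest
    steps:
      - run: |
          curl -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
            "${{ github.event.workflow_run.artifacts_url }}" -o artifacts.json
          echo "pr_source=$(jq -r '.head.label // empty' pull_request_payload.json)" >> "$GITHUB_OUTPUT"
EOF
  cat >"$SAFE_WF" <<'EOF'
jobs:
  comment:
    runs-on: ubuntu-latest
    steps:
      - run: |
          curl -H "Authorization: token $GITHUB_TOKEN" "$ARTIFACTS_URL" -o artifacts.json
          echo "pr_source=$(jq -r '.head.label // empty' pull_request_payload.json)" >> "$GITHUB_OUTPUT"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          ARTIFACTS_URL: ${{ github.event.workflow_run.artifacts_url }}
EOF
}

write_samples
echo "== before: expressions inside run: =="
lint_workflow "$UNSAFE_WF" || echo "-> move these values into env: and read them as shell variables"
echo "== after: values passed through env: =="
lint_workflow "$SAFE_WF" && echo "-> clean"
```

Run it against `.github/workflows/*.yml` in a pre-commit hook or CI step and treat a non-zero exit as a failure; the shape of the two fragments is exactly the before/after of the hunk under review.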
| cooldown: | ||
| default-days: 7 |
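Review bot: the hunk shows `cooldown:` / `default-days: 7` without a file header, so the diff alone does not say which file this is (presumably the Dependabot configuration, where `cooldown.default-days` holds back an update until the new release has been public for that many days); add the file context or one sentence to the PR description explaining that the goal is to avoid adopting a freshly published, possibly compromised, version before the ecosystem has had time to flag and pull it, and state why 7 days was chosen.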
| uses: actions/checkout@v6 | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | ||
| with: | ||
| persist-credentials: false |
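Review bot: the SHA pin `de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6` has the right shape, but the `# v6` comment is only a hint that nothing verifies, so the reviewer should confirm that the SHA is the commit the `v6` tag of actions/checkout points at before merging. `persist-credentials: false` stops actions/checkout from writing the job token into the checkout's git config, where any later step, including tooling pulled in by dependencies, could read it; if a later step in the same job needs to push or call the API, hand it the token explicitly through `env:` instead.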
Didn't even know it did this by default. Wow!
Hey Mark, thanks, KING, for the review. Joe and Chris (named in reverse alphabetical order, not in order of preference) have mocked me when I brought this PR up - SAD! Clearly they don't understand that every second this is not merged, Python Discord Site is BLEEDING! I have already called up my second best man, one of my vice best men, maybe even the BEST - many contributors are saying this! - and he said "Mr. Rottweiler, what you are building, it is INCREDIBLE" - yet the RADICAL LEFT PYTHON DISCORD DEVOPS TEAM wants to CANCEL my suggestions, the ones I made for ABSOLUTELY NO COST to them - WHY? Is it because sleepy christopher (note the LOWERCASE, because he isn't as great as me!) wants our CI pipelines to be run by Claude instead, claiming that wrapping his prompts in XML tags will prevent any CI security issue ??? UTTERLY DERANGED! Sleepy christopher has known for years that he needs HUMAN intelligence to succeed, yet he continues to push ARTIFICIAL INTELLIGENCE, which is neither intelligent, nor has it produced ANYTHING of value! Matter of fact, I am about to go visit my GLORIOUS BATHROOM - I redid it after sleepy christopher moved out, because he has NO TASTE - and I am going to produce something similar to sleepy christopher's "intelligence" - A PILE OF POOP! But, in stark contrast to sleepy christopher's WASTEFUL, ENVIRONMENTALLY UNFRIENDLY pile of crap, which took a bunch of so-called "LLM architects" (WHAT THE FUCK DOES THIS MEAN?) to "build" (sitting in one of those hipster coffees with their computer named after a fruit), MY PILE OF CRAP IS USEFUL, because I am going to distribute it in my garden, and my plants will LOVE IT! Many plants are saying this - my yoghurt-filled, PERFECTLY ROUND stomach produces the VERY BEST dung!
Sleepy christopher thinks I'm disgusting, but what I think is disgusting is his posture on security - and matter of fact, together with STINKY joe (he stinks so bad, REAL BAD!), they both have the working posture of a SHRIMP WITH SCOLIOSIS! Thanks
By the way, SLOW pre-commit (slower than my BELOVED tortoise, Maxwell II) is complaining about an "issue" which makes NO SENSE -
Hi, your pipeline is failing.
Super weird... apparently the CI is running on this commit 8bb2179 which is a broken merge (hence the duplicate key)... But that's not the tip of the
OK, I see...