Commit Graph

7 Commits

Author SHA1 Message Date
Nicola Corti
37d1e8e7a0 Act as @react-native-bot on all the actions (#45480)
Summary:
Pull Request resolved: https://github.com/facebook/react-native/pull/45480

We currently use the default GITHUB_ACTION, which makes a lot of interactions
appear as the user "GitHub Actions". Instead we could use the `REACT_NATIVE_BOT_GITHUB_TOKEN`,
which we have as a secret, so the bot will actually perform the actions.

Changelog:
[Internal] [Changed] - Act as react-native-bot on all the actions

Reviewed By: cipolleschi

Differential Revision: D59815201

fbshipit-source-id: 702b121ec07d0db10abf25e23f7ddf5658dd5d62
2024-07-17 03:27:12 -07:00
m-nakamura145
dd4f15bf08 chore: Bump actions/checkout (#42952)
Summary:
GitHub is [planning to upgrade to Node 20](https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/). Versions prior to actions/checkout v3 use an outdated version of node, so we will upgrade to actions/checkout v4, where [Node 20 is the default](https://github.com/actions/checkout/releases/tag/v4.0.0).

## Changelog:

[INTERNAL] [FIXED] - chore: Bump actions/checkout

Pull Request resolved: https://github.com/facebook/react-native/pull/42952

Reviewed By: cipolleschi

Differential Revision: D53655117

Pulled By: cortinico

fbshipit-source-id: 7c05e6ac2cb71c9d20c0b28b183cada6856f0a2d
2024-02-12 02:12:40 -08:00
Pranav Yadav
e944bd7115 Bump autorebase.yml to v1.8 (#37584)
Summary:
`cirrus-actions/rebase` `v1.8` fixes a number of bugs.
`v1.8` Changelog: https://github.com/cirrus-actions/rebase/releases/tag/1.8
See: https://github.com/cirrus-actions/rebase

## Changelog:

[GENERAL] [SECURITY] - [Actions] Bump `autorebase.yml` to `v1.8`

Pull Request resolved: https://github.com/facebook/react-native/pull/37584

Test Plan: - `/rebase` comment should rebase the PR as usual.

Reviewed By: rshest

Differential Revision: D46264711

Pulled By: cipolleschi

fbshipit-source-id: 49974e5c1841c0af3637cf5bdbcde9e79ea0e671
2023-06-07 04:42:32 -07:00
Pranav Yadav
abddf14bf1 chore: bump actions/checkout to v3 (#36937)
Summary:
A recent [Rebase run](https://github.com/facebook/react-native/actions/runs/4724279197/jobs/8381306851) gave the following warning:
> Node.js 12 actions are *deprecated*. Please update the following actions to use Node.js 16: actions/checkout@v2. For more information see: https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/.

So, it makes sense to upgrade to `actions/checkout@v3`.

## Changelog:

[GENERAL] [SECURITY] - Bump `actions/checkout` to `v3`

Pull Request resolved: https://github.com/facebook/react-native/pull/36937

Test Plan: - CI should be green + the `/rebase` command works as usual.

Reviewed By: rshest

Differential Revision: D45079793

Pulled By: cortinico

fbshipit-source-id: 49e654cf15f6ae7208bf8b277a194ace3fa62aa0
2023-04-18 06:49:37 -07:00
Nicola Corti
a88f805227 Make autorebase less restrictive (#34848)
Summary:
Currently the autorebase feature doesn't work because it fails the `if` validation due to how we distribute permissions.

For now I'm making this action less restricted. We can tweak it if we notice abuse.
Config now is the same as https://github.com/cirrus-actions/rebase

## Changelog

[Internal] - Make autorebase less restrictive

Pull Request resolved: https://github.com/facebook/react-native/pull/34848

Test Plan: Nothing to test

Reviewed By: cipolleschi

Differential Revision: D40022304

Pulled By: cortinico

fbshipit-source-id: 74270b47c61267484c073706fa900f22b3569a94
2022-10-03 08:13:07 -07:00
Alex
a5cf3a46ab GitHub Workflows security hardening (#34541)
Summary:
Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com>

This PR adds an explicit [permissions section](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions) to workflows. This is a security best practice because by default workflows run with an [extended set of permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) (except for `on: pull_request` [from external forks](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)). By specifying any permission explicitly, all others are set to none. By using the principle of least privilege, the damage a compromised workflow can do (because of an [injection](https://securitylab.github.com/research/github-actions-untrusted-input/) or a compromised third-party tool or action) is restricted.
It is recommended to have the [most strict permissions on the top level](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions) and grant write permissions on the [job level](https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs) case by case.

## Changelog

[Internal] [Added] - Explicit security permission definitions in autorebase workflow

Pull Request resolved: https://github.com/facebook/react-native/pull/34541

Reviewed By: cipolleschi

Differential Revision: D39544656

Pulled By: cortinico

fbshipit-source-id: 4918ee83fab7172a1d98689f10102fe2db2b17b7
2022-09-15 09:31:41 -07:00
Nicola Corti
da961f480b Setup Automatic Rebase given a /rebase comment (#34369)
Summary:
This is a nit, but at least it will help us reduce requests to rebase for PRs which maybe have a broken CI due to a stale base commit.

I've limited the scope to members and owners. A `/rebase` will trigger a rebase authored by the GitHub Action bot.

We can play a bit around with it, and remove it if it doesn't really work well for us.

## Changelog

[Internal] - Setup Automatic Rebase given a /rebase comment

Pull Request resolved: https://github.com/facebook/react-native/pull/34369

Test Plan: Nothing to test here.

Reviewed By: cipolleschi

Differential Revision: D38509480

Pulled By: cortinico

fbshipit-source-id: 1df3927638b162d4a787c81372a835d583159498
2022-08-09 04:38:56 -07:00