[StepSecurity] ci: Harden GitHub Actions #13725


step-security-bot
Contributor

Summary

This pull request is created by StepSecurity at the request of @csiefer2. Please merge the Pull Request to incorporate the requested changes. Please tag @csiefer2 on your message if you have any questions related to the PR.

Security Fixes

Pinned Dependencies

GitHub Action tags and Docker tags are mutable. This poses a security risk. GitHub's Security Hardening guide recommends pinning actions to a full-length commit.

Feedback

For bug reports, feature requests, and general feedback, please email support@stepsecurity.io. To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>

trilinos-autotester and others added 12 commits October 11, 2024 23:24
…_20241011_175835

Automatically Merged using Trilinos Master Merge AutoTester
PR Title: b'Trilinos Master Merge PR Generator: Auto PR created to promote from master_merge_20241011_175835 branch to master'
PR Author: trilinos-autotester
…_20241018_175856

Automatically Merged using Trilinos Master Merge AutoTester
PR Title: b'Trilinos Master Merge PR Generator: Auto PR created to promote from master_merge_20241018_175856 branch to master'
PR Author: trilinos-autotester
…_20241025_175850

Automatically Merged using Trilinos Master Merge AutoTester
PR Title: b'Trilinos Master Merge PR Generator: Auto PR created to promote from master_merge_20241025_175850 branch to master'
PR Author: trilinos-autotester
…_20241101_175831

Automatically Merged using Trilinos Master Merge AutoTester
PR Title: b'Trilinos Master Merge PR Generator: Auto PR created to promote from master_merge_20241101_175831 branch to master'
PR Author: trilinos-autotester
…_20241108_175812

Automatically Merged using Trilinos Master Merge AutoTester
PR Title: b'Trilinos Master Merge PR Generator: Auto PR created to promote from master_merge_20241108_175812 branch to master'
PR Author: trilinos-autotester
…_20241129_175819

Automatically Merged using Trilinos Master Merge AutoTester
PR Title: b'Trilinos Master Merge PR Generator: Auto PR created to promote from master_merge_20241129_175819 branch to master'
PR Author: trilinos-autotester
…_20241206_175820

Automatically Merged using Trilinos Master Merge AutoTester
PR Title: b'Trilinos Master Merge PR Generator: Auto PR created to promote from master_merge_20241206_175820 branch to master'
PR Author: trilinos-autotester
…_20241213_175815

Automatically Merged using Trilinos Master Merge AutoTester
PR Title: b'Trilinos Master Merge PR Generator: Auto PR created to promote from master_merge_20241213_175815 branch to master'
PR Author: trilinos-autotester
…_20241220_175822

Automatically Merged using Trilinos Master Merge AutoTester
PR Title: b'Trilinos Master Merge PR Generator: Auto PR created to promote from master_merge_20241220_175822 branch to master'
PR Author: trilinos-autotester
…_20250103_175815

Automatically Merged using Trilinos Master Merge AutoTester
PR Title: b'Trilinos Master Merge PR Generator: Auto PR created to promote from master_merge_20250103_175815 branch to master'
PR Author: trilinos-autotester
…_20250110_175815

Automatically Merged using Trilinos Master Merge AutoTester
PR Title: b'Trilinos Master Merge PR Generator: Auto PR created to promote from master_merge_20250110_175815 branch to master'
PR Author: trilinos-autotester
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
@csiefer2 csiefer2 requested a review from achauphan January 15, 2025 16:16
@csiefer2 csiefer2 changed the base branch from master to develop January 15, 2025 16:16
@trilinos-autotester
Contributor

Status Flag 'Pre-Test Inspection' - - This Pull Request Requires Inspection... The code must be inspected by a member of the Team before Testing/Merging
NO INSPECTION HAS BEEN PERFORMED ON THIS PULL REQUEST! - This PR must be inspected by setting label 'AT: PRE-TEST INSPECTED'.

@sebrowne sebrowne added the AT2-SpecialApprove (Beta) Special approval label for AT2. label Jan 15, 2025
@csiefer2 csiefer2 added AT: AUTOMERGE Causes the PR autotester to automatically merge the PR branch once approvals are completed AT: PRE-TEST INSPECTED Required to test outside contributions. This label alone will not allow a PR to merge. labels Jan 15, 2025
@trilinos-autotester trilinos-autotester removed the AT: PRE-TEST INSPECTED Required to test outside contributions. This label alone will not allow a PR to merge. label Jan 15, 2025
@trilinos-autotester
Contributor

Status Flag 'Pre-Test Inspection' - SUCCESS: The last commit to this Pull Request has been INSPECTED by label AT: PRE-TEST INSPECTED! Autotester is Removing Label; this inspection will remain valid until a new commit to source branch is performed.

@trilinos-autotester
Contributor

Status Flag 'Pull Request AutoTester' - Testing Jenkins Projects:

Pull Request Auto Testing STARTING (click to expand)

Build Information

Test Name: PR_gcc-openmpi-openmp

  • Build Num: 1013
  • Status: STARTED

Jenkins Parameters

Parameter Name Value
FORCE_CLEAN true
GENCONFIG_BUILD_NAME rhel8_sems-gnu-8.5.0-openmpi-4.1.6-openmp_release-debug_static_no-kokkos-arch_no-asan_no-complex_no-fpic_mpi_no-pt_no-rdc_no-uvm_deprecated-on_no-package-enables
PR_LABELS AT: AUTOMERGE;AT2-SpecialApprove
PULLREQUESTNUM 13725
PULLREQUEST_CDASH_TRACK Pull Request
TEST_REPO_ALIAS TRILINOS
TRILINOS_NODE_LABEL rhel8
TRILINOS_SOURCE_REPO https://github.com/step-security-bot/Trilinos
TRILINOS_SOURCE_SHA aaaf8ad
TRILINOS_SRN_CONFIG true
TRILINOS_TARGET_BRANCH develop
TRILINOS_TARGET_REPO https://github.com/trilinos/Trilinos
TRILINOS_TARGET_SHA dc20a30

Build Information

Test Name: PR_gcc

  • Build Num: 1063
  • Status: STARTED

Jenkins Parameters

Parameter Name Value
FORCE_CLEAN true
GENCONFIG_BUILD_NAME rhel8_sems-gnu-8.5.0-serial_release-debug_shared_no-kokkos-arch_no-asan_no-complex_no-fpic_no-mpi_no-pt_no-rdc_no-uvm_deprecated-on_no-package-enables
PR_LABELS AT: AUTOMERGE;AT2-SpecialApprove
PULLREQUESTNUM 13725
PULLREQUEST_CDASH_TRACK Pull Request
TEST_REPO_ALIAS TRILINOS
TRILINOS_NODE_LABEL rhel8
TRILINOS_SOURCE_REPO https://github.com/step-security-bot/Trilinos
TRILINOS_SOURCE_SHA aaaf8ad
TRILINOS_SRN_CONFIG true
TRILINOS_TARGET_BRANCH develop
TRILINOS_TARGET_REPO https://github.com/trilinos/Trilinos
TRILINOS_TARGET_SHA dc20a30

Build Information

Test Name: PR_gcc-openmpi_debug

  • Build Num: 1064
  • Status: STARTED

Jenkins Parameters

Parameter Name Value
FORCE_CLEAN true
GENCONFIG_BUILD_NAME rhel8_sems-gnu-8.5.0-openmpi-4.1.6-serial_debug_shared_no-kokkos-arch_no-asan_no-complex_no-fpic_mpi_no-pt_no-rdc_no-uvm_deprecated-on_no-package-enables
PR_LABELS AT: AUTOMERGE;AT2-SpecialApprove
PULLREQUESTNUM 13725
PULLREQUEST_CDASH_TRACK Pull Request
TEST_REPO_ALIAS TRILINOS
TRILINOS_NODE_LABEL rhel8
TRILINOS_SOURCE_REPO https://github.com/step-security-bot/Trilinos
TRILINOS_SOURCE_SHA aaaf8ad
TRILINOS_SRN_CONFIG true
TRILINOS_TARGET_BRANCH develop
TRILINOS_TARGET_REPO https://github.com/trilinos/Trilinos
TRILINOS_TARGET_SHA dc20a30

Build Information

Test Name: PR_clang

  • Build Num: 1062
  • Status: STARTED

Jenkins Parameters

Parameter Name Value
FORCE_CLEAN true
GENCONFIG_BUILD_NAME rhel8_sems-clang-11.0.1-openmpi-4.0.5-serial_release-debug_shared_no-kokkos-arch_no-asan_no-complex_no-fpic_mpi_no-pt_no-rdc_no-uvm_deprecated-on_no-package-enables
PR_LABELS AT: AUTOMERGE;AT2-SpecialApprove
PULLREQUESTNUM 13725
PULLREQUEST_CDASH_TRACK Pull Request
TEST_REPO_ALIAS TRILINOS
TRILINOS_NODE_LABEL rhel8
TRILINOS_SOURCE_REPO https://github.com/step-security-bot/Trilinos
TRILINOS_SOURCE_SHA aaaf8ad
TRILINOS_SRN_CONFIG true
TRILINOS_TARGET_BRANCH develop
TRILINOS_TARGET_REPO https://github.com/trilinos/Trilinos
TRILINOS_TARGET_SHA dc20a30

Build Information

Test Name: PR_cuda

  • Build Num: 1061
  • Status: STARTED

Jenkins Parameters

Parameter Name Value
FORCE_CLEAN true
GENCONFIG_BUILD_NAME rhel8_sems-cuda-11.4.2-gnu-10.1.0-openmpi-4.1.6_release_static_Volta70_no-asan_complex_no-fpic_mpi_pt_no-rdc_no-uvm_deprecated-on_no-package-enables
PR_LABELS AT: AUTOMERGE;AT2-SpecialApprove
PULLREQUESTNUM 13725
PULLREQUEST_CDASH_TRACK Pull Request
TEST_REPO_ALIAS TRILINOS
TRILINOS_NODE_LABEL rhel8-gpu
TRILINOS_SOURCE_REPO https://github.com/step-security-bot/Trilinos
TRILINOS_SOURCE_SHA aaaf8ad
TRILINOS_SRN_CONFIG true
TRILINOS_TARGET_BRANCH develop
TRILINOS_TARGET_REPO https://github.com/trilinos/Trilinos
TRILINOS_TARGET_SHA dc20a30

Build Information

Test Name: PR_intel

  • Build Num: 982
  • Status: STARTED

Jenkins Parameters

Parameter Name Value
FORCE_CLEAN true
GENCONFIG_BUILD_NAME rhel8_sems-intel-2021.3-sems-openmpi-4.1.6_release-debug_shared_no-kokkos-arch_no-asan_no-complex_fpic_mpi_no-pt_no-rdc_no-uvm_deprecated-on_no-package-enables
PR_LABELS AT: AUTOMERGE;AT2-SpecialApprove
PULLREQUESTNUM 13725
PULLREQUEST_CDASH_TRACK Pull Request
TEST_REPO_ALIAS TRILINOS
TRILINOS_NODE_LABEL rhel8
TRILINOS_SOURCE_REPO https://github.com/step-security-bot/Trilinos
TRILINOS_SOURCE_SHA aaaf8ad
TRILINOS_SRN_CONFIG true
TRILINOS_TARGET_BRANCH develop
TRILINOS_TARGET_REPO https://github.com/trilinos/Trilinos
TRILINOS_TARGET_SHA dc20a30

Build Information

Test Name: PR_cuda-uvm

  • Build Num: 1061
  • Status: STARTED

Jenkins Parameters

Parameter Name Value
FORCE_CLEAN true
GENCONFIG_BUILD_NAME rhel8_sems-cuda-11.4.2-gnu-10.1.0-openmpi-4.1.6_release_static_Volta70_no-asan_complex_no-fpic_mpi_pt_no-rdc_uvm_deprecated-on_no-package-enables
PR_LABELS AT: AUTOMERGE;AT2-SpecialApprove
PULLREQUESTNUM 13725
PULLREQUEST_CDASH_TRACK Pull Request
TEST_REPO_ALIAS TRILINOS
TRILINOS_NODE_LABEL rhel8
TRILINOS_SOURCE_REPO https://github.com/step-security-bot/Trilinos
TRILINOS_SOURCE_SHA aaaf8ad
TRILINOS_SRN_CONFIG true
TRILINOS_TARGET_BRANCH develop
TRILINOS_TARGET_REPO https://github.com/trilinos/Trilinos
TRILINOS_TARGET_SHA dc20a30

Using Repos:

Repo: TRILINOS (step-security-bot/Trilinos)
  • Branch: stepsecurity_remediation_1736957751
  • SHA: aaaf8ad
  • Mode: TEST_REPO

Pull Request Author: step-security-bot

@trilinos-autotester
Contributor

Status Flag 'Pull Request AutoTester' - Jenkins Testing: all Jobs PASSED

Pull Request Auto Testing has PASSED (click to expand)

Build Information

Test Name: PR_gcc-openmpi-openmp

  • Build Num: 1013
  • Status: PASSED

Jenkins Parameters

Parameter Name Value
FORCE_CLEAN true
GENCONFIG_BUILD_NAME rhel8_sems-gnu-8.5.0-openmpi-4.1.6-openmp_release-debug_static_no-kokkos-arch_no-asan_no-complex_no-fpic_mpi_no-pt_no-rdc_no-uvm_deprecated-on_no-package-enables
PR_LABELS AT: AUTOMERGE;AT2-SpecialApprove
PULLREQUESTNUM 13725
PULLREQUEST_CDASH_TRACK Pull Request
TEST_REPO_ALIAS TRILINOS
TRILINOS_NODE_LABEL rhel8
TRILINOS_SOURCE_REPO https://github.com/step-security-bot/Trilinos
TRILINOS_SOURCE_SHA aaaf8ad
TRILINOS_SRN_CONFIG true
TRILINOS_TARGET_BRANCH develop
TRILINOS_TARGET_REPO https://github.com/trilinos/Trilinos
TRILINOS_TARGET_SHA dc20a30

Build Information

Test Name: PR_gcc

  • Build Num: 1063
  • Status: PASSED

Jenkins Parameters

Parameter Name Value
FORCE_CLEAN true
GENCONFIG_BUILD_NAME rhel8_sems-gnu-8.5.0-serial_release-debug_shared_no-kokkos-arch_no-asan_no-complex_no-fpic_no-mpi_no-pt_no-rdc_no-uvm_deprecated-on_no-package-enables
PR_LABELS AT: AUTOMERGE;AT2-SpecialApprove
PULLREQUESTNUM 13725
PULLREQUEST_CDASH_TRACK Pull Request
TEST_REPO_ALIAS TRILINOS
TRILINOS_NODE_LABEL rhel8
TRILINOS_SOURCE_REPO https://github.com/step-security-bot/Trilinos
TRILINOS_SOURCE_SHA aaaf8ad
TRILINOS_SRN_CONFIG true
TRILINOS_TARGET_BRANCH develop
TRILINOS_TARGET_REPO https://github.com/trilinos/Trilinos
TRILINOS_TARGET_SHA dc20a30

Build Information

Test Name: PR_gcc-openmpi_debug

  • Build Num: 1064
  • Status: PASSED

Jenkins Parameters

Parameter Name Value
FORCE_CLEAN true
GENCONFIG_BUILD_NAME rhel8_sems-gnu-8.5.0-openmpi-4.1.6-serial_debug_shared_no-kokkos-arch_no-asan_no-complex_no-fpic_mpi_no-pt_no-rdc_no-uvm_deprecated-on_no-package-enables
PR_LABELS AT: AUTOMERGE;AT2-SpecialApprove
PULLREQUESTNUM 13725
PULLREQUEST_CDASH_TRACK Pull Request
TEST_REPO_ALIAS TRILINOS
TRILINOS_NODE_LABEL rhel8
TRILINOS_SOURCE_REPO https://github.com/step-security-bot/Trilinos
TRILINOS_SOURCE_SHA aaaf8ad
TRILINOS_SRN_CONFIG true
TRILINOS_TARGET_BRANCH develop
TRILINOS_TARGET_REPO https://github.com/trilinos/Trilinos
TRILINOS_TARGET_SHA dc20a30

Build Information

Test Name: PR_clang

  • Build Num: 1062
  • Status: PASSED

Jenkins Parameters

Parameter Name Value
FORCE_CLEAN true
GENCONFIG_BUILD_NAME rhel8_sems-clang-11.0.1-openmpi-4.0.5-serial_release-debug_shared_no-kokkos-arch_no-asan_no-complex_no-fpic_mpi_no-pt_no-rdc_no-uvm_deprecated-on_no-package-enables
PR_LABELS AT: AUTOMERGE;AT2-SpecialApprove
PULLREQUESTNUM 13725
PULLREQUEST_CDASH_TRACK Pull Request
TEST_REPO_ALIAS TRILINOS
TRILINOS_NODE_LABEL rhel8
TRILINOS_SOURCE_REPO https://github.com/step-security-bot/Trilinos
TRILINOS_SOURCE_SHA aaaf8ad
TRILINOS_SRN_CONFIG true
TRILINOS_TARGET_BRANCH develop
TRILINOS_TARGET_REPO https://github.com/trilinos/Trilinos
TRILINOS_TARGET_SHA dc20a30

Build Information

Test Name: PR_cuda

  • Build Num: 1061
  • Status: PASSED

Jenkins Parameters

Parameter Name Value
FORCE_CLEAN true
GENCONFIG_BUILD_NAME rhel8_sems-cuda-11.4.2-gnu-10.1.0-openmpi-4.1.6_release_static_Volta70_no-asan_complex_no-fpic_mpi_pt_no-rdc_no-uvm_deprecated-on_no-package-enables
PR_LABELS AT: AUTOMERGE;AT2-SpecialApprove
PULLREQUESTNUM 13725
PULLREQUEST_CDASH_TRACK Pull Request
TEST_REPO_ALIAS TRILINOS
TRILINOS_NODE_LABEL rhel8-gpu
TRILINOS_SOURCE_REPO https://github.com/step-security-bot/Trilinos
TRILINOS_SOURCE_SHA aaaf8ad
TRILINOS_SRN_CONFIG true
TRILINOS_TARGET_BRANCH develop
TRILINOS_TARGET_REPO https://github.com/trilinos/Trilinos
TRILINOS_TARGET_SHA dc20a30

Build Information

Test Name: PR_intel

  • Build Num: 982
  • Status: PASSED

Jenkins Parameters

Parameter Name Value
FORCE_CLEAN true
GENCONFIG_BUILD_NAME rhel8_sems-intel-2021.3-sems-openmpi-4.1.6_release-debug_shared_no-kokkos-arch_no-asan_no-complex_fpic_mpi_no-pt_no-rdc_no-uvm_deprecated-on_no-package-enables
PR_LABELS AT: AUTOMERGE;AT2-SpecialApprove
PULLREQUESTNUM 13725
PULLREQUEST_CDASH_TRACK Pull Request
TEST_REPO_ALIAS TRILINOS
TRILINOS_NODE_LABEL rhel8
TRILINOS_SOURCE_REPO https://github.com/step-security-bot/Trilinos
TRILINOS_SOURCE_SHA aaaf8ad
TRILINOS_SRN_CONFIG true
TRILINOS_TARGET_BRANCH develop
TRILINOS_TARGET_REPO https://github.com/trilinos/Trilinos
TRILINOS_TARGET_SHA dc20a30

Build Information

Test Name: PR_cuda-uvm

  • Build Num: 1061
  • Status: PASSED

Jenkins Parameters

Parameter Name Value
FORCE_CLEAN true
GENCONFIG_BUILD_NAME rhel8_sems-cuda-11.4.2-gnu-10.1.0-openmpi-4.1.6_release_static_Volta70_no-asan_complex_no-fpic_mpi_pt_no-rdc_uvm_deprecated-on_no-package-enables
PR_LABELS AT: AUTOMERGE;AT2-SpecialApprove
PULLREQUESTNUM 13725
PULLREQUEST_CDASH_TRACK Pull Request
TEST_REPO_ALIAS TRILINOS
TRILINOS_NODE_LABEL rhel8
TRILINOS_SOURCE_REPO https://github.com/step-security-bot/Trilinos
TRILINOS_SOURCE_SHA aaaf8ad
TRILINOS_SRN_CONFIG true
TRILINOS_TARGET_BRANCH develop
TRILINOS_TARGET_REPO https://github.com/trilinos/Trilinos
TRILINOS_TARGET_SHA dc20a30


CDash Test Results for PR# 13725.

@trilinos-autotester
Contributor

Status Flag 'Pre-Merge Inspection' - SUCCESS: The last commit to this Pull Request has been INSPECTED AND APPROVED by [ sebrowne ]!

@trilinos-autotester
Contributor

Status Flag 'Pull Request AutoTester' - Pull Request will be Automerged

@trilinos-autotester trilinos-autotester merged commit 04fc992 into trilinos:develop Jan 15, 2025
11 of 16 checks passed
@trilinos-autotester
Contributor

Merge on Pull Request# 13725: IS A SUCCESS - Pull Request successfully merged

@trilinos-autotester trilinos-autotester removed the AT: AUTOMERGE Causes the PR autotester to automatically merge the PR branch once approvals are completed label Jan 15, 2025