Assess use of external action dtolnay@rust-toolchain in Mozilla's GitHub organization
Categories
(mozilla.org :: Github: Administration, task)
Tracking
(Not tracked)
People
(Reporter: emilio, Assigned: cknowles)
Details
https://github.com/dtolnay/rust-toolchain is a better alternative to the currently-allowed actions-rs toolchain action. The later is unmaintained and dtolnay is a well-known Rust community member.
When we moved the cbindgen repo to the mozilla org, the actions broke because of this, see https://github.com/mozilla/cbindgen/issues/836.
Below are my answers to your stock questions:
** Which repositories do you want to have access? mozilla/cbindgen (but probably other rust repos want that too)
** Are any of those repositories private? No
Assignee | ||
Comment 1•1 year ago
|
||
We need to update some of these templates - Actions are approved on an org-wide basis, hence the care taken with them.
I'll set an NI for Secops to take a look - but they're entering a work week, so there may be a delay (besides the "US Memorial Day holiday" issues)
Austin - let me know if there are any questions.
Comment 2•1 year ago
|
||
Approved by secops, as for the other action mentioned in https://github.com/mozilla/cbindgen/issues/836, we will likely keep it approved until the functionality is removed then work with teams on moving them to a action that continues to work (assuming functionality is still necessary).
I will update the Approved GHE repo within a few days.
Assignee | ||
Comment 3•1 year ago
|
||
Austin - can I get the specific allowed action string? I think dtolnay/rust-toolchain@*
is what we want - but would love confirmation of that.
Comment 4•1 year ago
|
||
Ah yes, my bad I forgot to mention that in my comment thanks for the reminder - dtolnay/rust-toolchain@* is fine.
Assignee | ||
Comment 5•1 year ago
|
||
Alright - that action is now active in the mozilla org - please give it a try and update here with either success or the next concern. (Sometimes actions rely on other actions that also have to be allowed.)
Reporter | ||
Comment 6•1 year ago
|
||
Assignee | ||
Comment 7•1 year ago
|
||
Great!
Let us know if you need others.
Description
•