You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm all for security improvements, but at the same need to ensure that:
doesn't make it more painful to do releases and development on the project
doesn't hurt the UX
doesn't significantly increase complexity
I think all of your tasks make sense, except Harden Runner might make adding and updating GH workflows a bit more painful, but at the same time it does seem good to prevent malicious PRs as well.
I found some nice examples in https://github.com/sozercan/aikit/tree/main/.github/workflows
Not related to supply chain security but code quality
The text was updated successfully, but these errors were encountered: