Open Issues Need Help
AI Summary: The task involves reviewing all GitHub workflows across multiple repositories within an organization to identify and improve input sanitization. This includes adding regex validation and other transformations (like whitespace stripping) to ensure that workflow inputs are properly cleaned and secured before being used within the workflows. The goal is to prevent potential security vulnerabilities caused by unsanitized inputs.
AI Summary: The task involves creating a reusable GitHub Actions workflow for CodeQL code scanning, addressing limitations of the default configuration. This includes copying an existing workflow, modifying it to use workflow_call triggers, creating a calling workflow in a reference repository, thoroughly testing it across various scenarios (pushes, pull requests, forks), and potentially adapting it for different programming languages. An alternative approach involving a default workflow in the organization's `.github` repository is also considered.
AI Summary: The task requires modifying the GitHub Actions workflow (`block_outside_PRs.yml`) to enhance the pull request (PR) blocking system. Instead of relying solely on an organization membership or a whitelist, the updated workflow should check if a contributor is a GitHub collaborator for the repository. This change aims to simplify the process of adding contributors and eliminate the need for maintaining and updating a whitelist.