[StepSecurity] ci: Harden GitHub Actions (#492) #277
release-drafter.yml
on: push
update_release_draft
38s
Annotations
2 errors
update_release_draft
Resource not accessible by integration
{
name: 'HttpError',
id: '10057118528',
status: 403,
response: {
url: 'https://api.github.com/repos/OpenZeppelin/defender-sdk/releases',
status: 403,
headers: {
'access-control-allow-origin': '*',
'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
connection: 'close',
'content-encoding': 'gzip',
'content-security-policy': "default-src 'none'",
'content-type': 'application/json; charset=utf-8',
date: 'Tue, 23 Jul 2024 10:20:07 GMT',
'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
server: 'github.com',
'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
'transfer-encoding': 'chunked',
vary: 'Accept-Encoding, Accept, X-Requested-With',
'x-accepted-github-permissions': 'contents=write; contents=write,workflows=write',
'x-content-type-options': 'nosniff',
'x-frame-options': 'deny',
'x-github-api-version-selected': '2022-11-28',
'x-github-media-type': 'github.v3; format=json',
'x-github-request-id': '6C41:1FB050:3B374C0:3BAFEA1:669F83D6',
'x-ratelimit-limit': '5000',
'x-ratelimit-remaining': '4724',
'x-ratelimit-reset': '1721732153',
'x-ratelimit-resource': 'core',
'x-ratelimit-used': '276',
'x-xss-protection': '0'
},
data: {
message: 'Resource not accessible by integration',
documentation_url: 'https://docs.github.com/rest/releases/releases#create-a-release',
status: '403'
}
},
request: {
method: 'POST',
url: 'https://api.github.com/repos/OpenZeppelin/defender-sdk/releases',
headers: {
accept: 'application/vnd.github.v3+json',
'user-agent': 'probot/12.2.5 octokit-core.js/3.5.1 Node.js/20.13.1 (linux; x64)',
authorization: 'token [REDACTED]',
'content-type': 'application/json; charset=utf-8'
},
body: '{"target_commitish":"refs/heads/main","name":"","tag_name":"","body":"## Next Release Version: v0.1.0\\n\\n## Changes\\n- ci: [StepSecurity] Harden GitHub Actions @step-security-bot (#492)\\n- chore: remove the pre\\\\* defined scripts @collins-w (#493)\\n- ci: update the version packages @github-actions (#488)\\n- chore: Add v1.14.2 changeset file @collins-w (#477)\\n- chore: Bring back openssf badge @tirumerla (#484)\\n- chore: upgrade pnpm @tirumerla (#479)\\n- Update the release workflow @collins-w (#476)\\n- Fix the changeset publish @collins-w (#473)\\n- Plat 4467 relayers usage limiting @zeljkoX (#350)\\n- chore: add codeowners \\\\& security doc @tirumerla (#475)\\n- [StepSecurity] Apply security best practices @step-security-bot (#472)\\n- Bump actions/setup-node from 4.0.2 to 4.0.3 @dependabot (#466)\\n- Bump changesets/action from 1.0.0 to 1.4.7 @dependabot (#463)\\n- Bump actions/checkout from 4.1.6 to 4.1.7 @dependabot (#461)\\n- Bump anchore/sbom-action from 0.16.0 to 0.16.1 @dependabot (#462)\\n- Bump github/codeql-action from 3.25.11 to 3.25.12 @dependabot (#464)\\n- add example contract call @MCarlomagno (#460)\\n- plaform-sdk-deps: bump tslib from 2.6.2 to 2.6.3 @dependabot (#411)\\n- [StepSecurity] Apply security best practices @step-security-bot (#459)\\n- plaform-sdk-deps: bump @types/lodash from 4.14.157 to 4.17.6 @dependabot (#442)\\n- plaform-sdk-deps: bump @types/async-retry from 1.4.4 to 1.4.8 @dependabot (#167)\\n- plaform-sdk-deps: bump web3-core from 1.10.3 to 1.10.4 @dependabot (#409)\\n- Bump glob from 7.2.3 to 11.0.0 in /packages/action @dependabot (#450)\\n- Update the version packages @github-actions (#458)\\n- Add changeset file for the v1.14.1 @collins-w (#457)\\n- Version Packages @github-actions (#456)\\n- Update Semver Package Version @collins-w (#455)\\n- Update the actions version tags @collin
update_release_draft
HttpError: Resource not accessible by integration
at /home/runner/work/_actions/release-drafter/release-drafter/3f0f87098bd6b5c5b9a36d49c41d998ea58f9348/dist/index.js:8462:21
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async Job.doExecute (/home/runner/work/_actions/release-drafter/release-drafter/3f0f87098bd6b5c5b9a36d49c41d998ea58f9348/dist/index.js:30793:18)
{
name: 'AggregateError',
event: {
id: '10057118528',
name: 'push',
payload: {
after: '67b2dd6709e64059efc0166c7159f6883c6d6cd9',
base_ref: null,
before: 'd23729d9c3e4c9ff06812422d4ddd4a51c7d9762',
commits: [
{
author: {
email: '[email protected]',
name: 'StepSecurity Bot',
username: 'step-security-bot'
},
committer: {
email: '[email protected]',
name: 'GitHub',
username: 'web-flow'
},
distinct: true,
id: '67b2dd6709e64059efc0166c7159f6883c6d6cd9',
message: '[StepSecurity] ci: Harden GitHub Actions (#492)\n' +
'\n' +
'Signed-off-by: StepSecurity Bot <[email protected]>',
timestamp: '2024-07-23T03:19:20-07:00',
tree_id: 'fb84b0981428d605e2f5e2c0bbae5463f26014b1',
url: 'https://github.com/OpenZeppelin/defender-sdk/commit/67b2dd6709e64059efc0166c7159f6883c6d6cd9'
}
],
compare: 'https://github.com/OpenZeppelin/defender-sdk/compare/d23729d9c3e4...67b2dd6709e6',
created: false,
deleted: false,
forced: false,
head_commit: {
author: {
email: '[email protected]',
name: 'StepSecurity Bot',
username: 'step-security-bot'
},
committer: {
email: '[email protected]',
name: 'GitHub',
username: 'web-flow'
},
distinct: true,
id: '67b2dd6709e64059efc0166c7159f6883c6d6cd9',
message: '[StepSecurity] ci: Harden GitHub Actions (#492)\n' +
'\n' +
'Signed-off-by: StepSecurity Bot <[email protected]>',
timestamp: '2024-07-23T03:19:20-07:00',
tree_id: 'fb84b0981428d605e2f5e2c0bbae5463f26014b1',
url: 'https://github.com/OpenZeppelin/defender-sdk/commit/67b2dd6709e64059efc0166c7159f6883c6d6cd9'
},
organization: {
avatar_url: 'https://avatars.githubusercontent.com/u/20820676?v=4',
description: 'The standard for secure blockchain applications',
events_url: 'https://api.github.com/orgs/OpenZeppelin/events',
hooks_url: 'https://api.github.com/orgs/OpenZeppelin/hooks',
id: 20820676,
issues_url: 'https://api.github.com/orgs/OpenZeppelin/issues',
login: 'OpenZeppelin',
members_url: 'https://api.github.com/orgs/OpenZeppelin/members{/member}',
node_id: 'MDEyOk9yZ2FuaXphdGlvbjIwODIwNjc2',
public_members_url: 'https://api.github.com/orgs/OpenZeppelin/public_members{/member}',
repos_url: 'https://api.github.com/orgs/OpenZeppelin/repos',
url: 'https://api.github.com/orgs/OpenZeppelin'
},
pusher: {
email: '[email protected]',
name: 'tirumerla'
},
ref: 'refs/heads/main',
repository: {
allow_forking: true,
archive_url: 'https://api.github.com/repos/OpenZeppelin/defender-sdk/{archive_format}{/ref}',
archived: false,
assignees_url: 'https://api.github.com/repos/OpenZeppelin/defender-sdk/assignees{/user}',
blobs_url: 'https://api.github.com/repos/OpenZeppelin/defender-sdk/git/blobs{/sha}',
branches_url: 'https://api.github.com/repos/OpenZeppelin/defender-sdk/branches{/branch}',
clone_url: 'https://github.com/OpenZeppelin/defender-sdk.git',
collaborators_url: 'https://api.github.com/repos/OpenZeppelin/defender-sdk/collaborators{/collaborator}',
comments_url: 'https://api.github.com/repos/OpenZeppelin/defender-sdk/comments{/number}',
commits_url: 'h