Assess use of external addon actions-rs/toolchain@v1 in Mozilla's GitHub organization mozilla/source-map
Categories
(mozilla.org :: Github: Administration, task)
Tracking
(Not tracked)
People
(Reporter: ochameau, Unassigned)
References
(Blocks 1 open bug)
Details
I want to use the actions-rs/toolchain@v1
action in mozilla/source-map
for the following reasons:
I'm currently trying to move existing CI on Travis to Github Actions.
The codebase is using Rust and is compiled to WebAssembly.
We would benefit from using actions-rs/toolchain@v1
in order to build, run and test this library. I'm open to alternative if there is something that doesn't need additional privileged.
https://github.com/mozilla/source-map/pull/465/commits/792c6f3f11f95b342d91b5d4d6fc00125fb14a6c
Below are my answers to your stock questions:
** Which repositories do you want to have access? (all or list)
source-map (but I'm already owner of it)
** Are any of those repositories private?
Nothing private here.
** Provide link to vendor's description of permissions needed and why
Reporter | ||
Updated•2 years ago
|
Comment 1•2 years ago
|
||
Note that actions approval affects the entire org - hence the need for secops approval (which I'm setting needinfos for now). If you just need this one repo - you can copy the action in the repo and then you'll have access - but maintaining the version would be a matter of your maintaining the copy, which is why you really would like to link to the external action. I mention this as a possible path that is a) faster, and b) gets around the secops concerns.
I've checked the approved actions list, here, and this isn't in the list of already approved actions. Secops, please let us know the verdict, and what, if any, action string I should be allowing for the Mozilla org.
Reporter | ||
Comment 2•2 years ago
|
||
Thanks for the prompt response and suggested workaround (even if I don't quite understand Github Actions to know how to copy actions-rs/toolchain.).
I imagine it is worth reviewing this action as mozilla uses Rust more and more and we would probably benefit from being able to run CI for Rust codebases easily in a couple of repos.
For example this other repo had to workaround and install rust manually:
https://github.com/mozilla/authenticator-rs/pull/172
Comment 3•2 years ago
|
||
Hey :ochameau,
Looking at that PR (https://github.com/mozilla/source-map/pull/465/commits/792c6f3f11f95b342d91b5d4d6fc00125fb14a6c) it appears it may need checkout@v2 as well, which is not currently approved.
With that being said, I am good with the approval for toolchain@v1. It's in wide usage with almost 60k repos, consistent support and open sourced.
:cknowles please allow for toolchain@v1. I will update the approved actions table.
:ochameau once in place, can you attempt to use the action and see if everything is good?
Comment 4•2 years ago
|
||
alright, actions-rs/toolchain@v1
added to the action allow list.
Please confirm that things are working as desired?
Comment 5•2 years ago
|
||
Haven't heard from you :ochameau, is everything working as expected?
Reporter | ||
Comment 6•2 years ago
|
||
Sorry for the late response (was on PTO lately).
Everything works nicely, thanks for promptly enabling the two actions!
https://github.com/mozilla/source-map/actions/runs/3378190584
https://github.com/mozilla/source-map/pull/465
Description
•