@TravisEz13
Member

PR Summary

This pull request removes several GitHub Actions workflow files related to automation and continuous integration, and updates scripts to pin downloads to a specific commit for enhanced security. The main focus is on cleaning up unused or deprecated workflows and improving the security posture by ensuring scripts are fetched from a known commit.

Workflow cleanup and deprecation:

  • Deleted multiple GitHub Actions workflow files, including those for auto-assigning PR maintainers (AssignPrs.yml), creating and processing reminders (createReminders.yml, processReminders.yml), and markdown link checking (markdownLink.yml, markdownLinkDaily.yml). This removes automation for PR assignment, reminders, and markdown validation.

Security improvements:

  • Updated tools/download.sh to pin the download of install-powershell.sh to a specific commit (26bb188c8be0cda6cb548ce1a12840ebf67e1331) for compliance with OpenSSF Scorecard requirements, ensuring that scripts are fetched from a trusted and immutable source.
  • Modified tools/install-powershell.sh to use the same pinned commit for downloading resources, further enforcing script integrity and traceability.

PR Context

  • Remove use of 3rd party GitHub actions in Pull Request workflows
  • Fix other security issues

PR Checklist

@TravisEz13 TravisEz13 requested review from a team and jshigetomi as code owners October 14, 2025 21:14
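
The pinning described in the PR summary can be checked mechanically. The following is an added example, not code from this pull request or the PowerShell repository: a shell check that lists raw.githubusercontent.com URLs fetched by a mutable ref (branch, tag or short SHA) rather than a full 40-character commit SHA. The function names and the sample owner, repository and paths are assumptions; only the commit SHA comes from the PR summary.

```shell
#!/bin/sh
# Added example (not from the PR): list raw.githubusercontent.com URLs that
# are fetched by a mutable ref instead of a full commit SHA.
# URL layout: https://raw.githubusercontent.com/<owner>/<repo>/<ref>/<path>

# Print every raw URL in the given files whose <ref> is not a full SHA.
find_unpinned_raw_urls() {
    grep -hoE "https://raw\.githubusercontent\.com/[^[:space:]\"')]+" "$@" |
    awk -F/ '
        # Split on "/": $4=owner, $5=repo, $6=ref.
        # A pinned ref is exactly 40 lowercase hex characters.
        length($6) != 40 || $6 ~ /[^0-9a-f]/ { print }
    '
}

# Exit status 0 when every raw URL in the files is pinned, 1 otherwise.
all_raw_urls_pinned() {
    [ -z "$(find_unpinned_raw_urls "$@")" ]
}

# Constructed sample input: owner, repo and paths are placeholders; the SHA
# is the commit named in the PR summary.
write_sample() {
    cat > "$1" <<'EOF'
curl -sSL https://raw.githubusercontent.com/example-org/example-repo/26bb188c8be0cda6cb548ce1a12840ebf67e1331/tools/install.sh -o install.sh
curl -sSL https://raw.githubusercontent.com/example-org/example-repo/master/tools/install.sh -o install.sh
wget "https://raw.githubusercontent.com/example-org/example-repo/v1.2.3/tools/helper.sh"
curl -sSL https://raw.githubusercontent.com/example-org/example-repo/26bb188/tools/short.sh
EOF
}

# When called with file arguments, report the unpinned URLs found in them.
if [ "$#" -gt 0 ]; then
    find_unpinned_raw_urls "$@"
fi
```

On the constructed sample, the branch, tag and abbreviated-SHA URLs are reported and the full-SHA URL is not. A short SHA is flagged because it is not the full immutable identifier.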
@xtqqczze
Contributor

Super-linter is maintained by @zkoppert who works for GitHub, so isn't this a first party action?

@daxian-dbw daxian-dbw added the CL-BuildPackaging label (Indicates that a PR should be marked as a build or packaging change in the Change Log) Oct 15, 2025
@TravisEz13
Member Author

/azp run PowerShell-CI-linux-packaging, PowerShell-Windows-Packaging-CI

@azure-pipelines

Azure Pipelines could not run because the pipeline triggers exclude this branch/path.

@TravisEz13 TravisEz13 added the Compliance label (Related to compliance requirements) Oct 15, 2025
@TravisEz13 TravisEz13 enabled auto-merge (squash) October 15, 2025 19:33
@TravisEz13 TravisEz13 merged commit 0e90b57 into PowerShell:master Oct 15, 2025
35 of 36 checks passed
@TravisEz13 TravisEz13 deleted the gh-workflow-cleanup branch October 15, 2025 19:33
@microsoft-github-policy-service
Contributor

microsoft-github-policy-service bot commented Oct 15, 2025

📣 Hey @@TravisEz13, how did we do? We would love to hear your feedback with the link below! 🗣️

🔗 https://aka.ms/PSRepoFeedback

@TravisEz13
Member Author

TravisEz13 commented Oct 17, 2025

#26219 Created to add some functionality back

SIRMARGIN pushed a commit to SIRMARGIN/PowerShell that referenced this pull request Dec 12, 2025
kilasuit pushed a commit to kilasuit/PowerShell that referenced this pull request Jan 2, 2026
Labels

  • Backport-7.4.x-Migrated
  • Backport-7.5.x-Migrated
  • Backport-7.6.x-Migrated
  • CL-BuildPackaging: Indicates that a PR should be marked as a build or packaging change in the Change Log
  • Compliance: Related to compliance requirements
