jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-19 18:10:59 -05:00
Code Issues Projects Releases Wiki Activity

Adds third-party actions notices (reusable) (#58340)

Browse Source
This commit is contained in:
Ben Ahmady
2025-11-07 07:43:56 +00:00
committed by GitHub
parent c5a93180e1
commit c589c75107
15 changed files with 27 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-aws.md
View File

@@ -128,7 +128,8 @@ The `aws-actions/configure-aws-credentials` action receives a JWT from the {% da
```yaml copy ```yaml copy
# Sample workflow to access AWS resources when workflow is tied to branch # Sample workflow to access AWS resources when workflow is tied to branch
# The workflow Creates static website using aws s3 # The workflow creates a static website using Amazon S3
{% data reusables.actions.actions-not-certified-by-github-comment %}
name: AWS example workflow name: AWS example workflow
on: on:
push push

1
content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-azure.md
View File

@@ -80,6 +80,7 @@ The following example exchanges an OIDC ID token with Azure to receive an access
{% raw %} {% raw %}
```yaml copy ```yaml copy
{% data reusables.actions.actions-not-certified-by-github-comment %}
name: Run Azure Login with OIDC name: Run Azure Login with OIDC
on: [push] on: [push]

1
content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-google-cloud-platform.md
View File

@@ -81,6 +81,7 @@ This action exchanges a {% data variables.product.prodname_dotcom %} OIDC token
{% raw %} {% raw %}
```yaml copy ```yaml copy
{% data reusables.actions.actions-not-certified-by-github-comment %}
name: List services in GCP name: List services in GCP
on: on:
pull_request: pull_request:

2
content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-hashicorp-vault.md
View File

@@ -128,6 +128,7 @@ This example demonstrates how to create a job that requests a secret from HashiC
* `SECRET-PATH`: Replace this with the path to the secret you're retrieving from HashiCorp Vault. For example: `secret/data/production/ci npmToken`. * `SECRET-PATH`: Replace this with the path to the secret you're retrieving from HashiCorp Vault. For example: `secret/data/production/ci npmToken`.
```yaml copy ```yaml copy
{% data reusables.actions.actions-not-certified-by-github-comment %}
jobs: jobs:
retrieve-secret: retrieve-secret:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@@ -161,6 +162,7 @@ By default, the Vault server will automatically revoke access tokens when their
1. Add a step to call the [Revoke a Token (Self)](https://www.vaultproject.io/api/auth/token#revoke-a-token-self) Vault API to revoke the access token. 1. Add a step to call the [Revoke a Token (Self)](https://www.vaultproject.io/api/auth/token#revoke-a-token-self) Vault API to revoke the access token.
```yaml copy ```yaml copy
{% data reusables.actions.actions-not-certified-by-github-comment %}
jobs: jobs:
retrieve-secret: retrieve-secret:
runs-on: ubuntu-latest runs-on: ubuntu-latest

2
content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-jfrog.md
View File

@@ -58,6 +58,7 @@ The following example uses the placeholders `YOUR_PROVIDER_NAME` and `YOUR_AUDIE
{% raw %} {% raw %}
```yaml ```yaml
{% data reusables.actions.actions-not-certified-by-github-comment %}
permissions: permissions:
id-token: write id-token: write
contents: read contents: read
@@ -91,6 +92,7 @@ jobs:
{% raw %} {% raw %}
```yaml ```yaml
{% data reusables.actions.actions-not-certified-by-github-comment %}
- name: Sign in to Artifactory Docker registry - name: Sign in to Artifactory Docker registry
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:

1
content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-pypi.md
View File

@@ -56,6 +56,7 @@ The [`pypa/gh-action-pypi-publish`](https://github.com/marketplace/actions/pypi-
The following example uses the `pypa/gh-action-pypi-publish` action to exchange an OIDC token for a PyPI API token, which is then used to upload a package's release distributions to PyPI. The following example uses the `pypa/gh-action-pypi-publish` action to exchange an OIDC token for a PyPI API token, which is then used to upload a package's release distributions to PyPI.
```yaml copy ```yaml copy
{% data reusables.actions.actions-not-certified-by-github-comment %}
jobs: jobs:
release-build: release-build:
runs-on: ubuntu-latest runs-on: ubuntu-latest

3
content/actions/tutorials/build-and-test-code/java-with-gradle.md
View File

@@ -55,6 +55,7 @@ We recommend that you have a basic understanding of Java and the Gradle framewor
If you don't find the "Java with Gradle" workflow template, copy the following workflow code to a new file called `gradle.yml` in the `.github/workflows` directory of your repository. If you don't find the "Java with Gradle" workflow template, copy the following workflow code to a new file called `gradle.yml` in the `.github/workflows` directory of your repository.
```yaml copy ```yaml copy
{% data reusables.actions.actions-not-certified-by-github-comment %}
name: Java CI with Gradle name: Java CI with Gradle
on: on:
@@ -109,6 +110,7 @@ The workflow template will run the `build` task by default. In the default Gradl
If you use different commands to build your project, or you want to use a different task, you can specify those. For example, you may want to run the `package` task that's configured in your `ci.gradle` file. If you use different commands to build your project, or you want to use a different task, you can specify those. For example, you may want to run the `package` task that's configured in your `ci.gradle` file.
```yaml copy ```yaml copy
{% data reusables.actions.actions-not-certified-by-github-comment %}
steps: steps:
- uses: {% data reusables.actions.action-checkout %} - uses: {% data reusables.actions.action-checkout %}
- uses: {% data reusables.actions.action-setup-java %} - uses: {% data reusables.actions.action-setup-java %}
@@ -136,6 +138,7 @@ After your build has succeeded and your tests have passed, you may want to uploa
Gradle will usually create output files like JARs, EARs, or WARs in the `build/libs` directory. You can upload the contents of that directory using the `upload-artifact` action. Gradle will usually create output files like JARs, EARs, or WARs in the `build/libs` directory. You can upload the contents of that directory using the `upload-artifact` action.
```yaml copy ```yaml copy
{% data reusables.actions.actions-not-certified-by-github-comment %}
steps: steps:
- uses: {% data reusables.actions.action-checkout %} - uses: {% data reusables.actions.action-checkout %}
- uses: {% data reusables.actions.action-setup-java %} - uses: {% data reusables.actions.action-setup-java %}

1
content/actions/tutorials/build-and-test-code/java-with-maven.md
View File

@@ -55,6 +55,7 @@ We recommend that you have a basic understanding of Java and the Maven framework
If you don't find the "Java with Maven" workflow template, copy the following workflow code to a new file called `maven.yml` in the `.github/workflows` directory of your repository. If you don't find the "Java with Maven" workflow template, copy the following workflow code to a new file called `maven.yml` in the `.github/workflows` directory of your repository.
```yaml copy ```yaml copy
{% data reusables.actions.actions-not-certified-by-github-comment %}
name: Java CI with Maven name: Java CI with Maven
on: on:

4
content/actions/tutorials/build-and-test-code/ruby.md
View File

@@ -49,6 +49,7 @@ We recommend that you have a basic understanding of Ruby, YAML, workflow configu
If you don't find the "Ruby" workflow template, copy the following workflow code to a new file called `ruby.yml` in the `.github/workflows` directory of your repository. If you don't find the "Ruby" workflow template, copy the following workflow code to a new file called `ruby.yml` in the `.github/workflows` directory of your repository.
```yaml copy ```yaml copy
{% data reusables.actions.actions-not-certified-by-github-comment %}
name: Ruby name: Ruby
on: on:
@@ -102,6 +103,7 @@ Using Ruby's `ruby/setup-ruby` action is the recommended way of using Ruby with
The `setup-ruby` action takes a Ruby version as an input and configures that version on the runner. The `setup-ruby` action takes a Ruby version as an input and configures that version on the runner.
```yaml ```yaml
{% data reusables.actions.actions-not-certified-by-github-comment %}
steps: steps:
- uses: {% data reusables.actions.action-checkout %} - uses: {% data reusables.actions.action-checkout %}
- uses: ruby/setup-ruby@ec02537da5712d66d4d50a0f33b7eb52773b5ed1 - uses: ruby/setup-ruby@ec02537da5712d66d4d50a0f33b7eb52773b5ed1
@@ -170,6 +172,7 @@ jobs:
The `setup-ruby` action will automatically install bundler for you. The version is determined by your `gemfile.lock` file. If no version is present in your lockfile, then the latest compatible version will be installed. The `setup-ruby` action will automatically install bundler for you. The version is determined by your `gemfile.lock` file. If no version is present in your lockfile, then the latest compatible version will be installed.
```yaml ```yaml
{% data reusables.actions.actions-not-certified-by-github-comment %}
steps: steps:
- uses: {% data reusables.actions.action-checkout %} - uses: {% data reusables.actions.action-checkout %}
- uses: ruby/setup-ruby@ec02537da5712d66d4d50a0f33b7eb52773b5ed1 - uses: ruby/setup-ruby@ec02537da5712d66d4d50a0f33b7eb52773b5ed1
@@ -187,6 +190,7 @@ To enable caching, set the following.
{% raw %} {% raw %}
```yaml ```yaml
{% data reusables.actions.actions-not-certified-by-github-comment %}
steps: steps:
- uses: ruby/setup-ruby@ec02537da5712d66d4d50a0f33b7eb52773b5ed1 - uses: ruby/setup-ruby@ec02537da5712d66d4d50a0f33b7eb52773b5ed1
with: with:

2
content/actions/tutorials/build-and-test-code/swift.md
View File

@@ -127,6 +127,7 @@ You can configure your job to use a single specific version of Swift, such as `5
{% raw %} {% raw %}
```yaml copy ```yaml copy
{% data reusables.actions.actions-not-certified-by-github-comment %}
steps: steps:
- uses: swift-actions/setup-swift@65540b95f51493d65f5e59e97dcef9629ddf11bf - uses: swift-actions/setup-swift@65540b95f51493d65f5e59e97dcef9629ddf11bf
with: with:
@@ -142,6 +143,7 @@ steps:
You can use the same commands that you use locally to build and test your code using Swift. This example demonstrates how to use `swift build` and `swift test` in a job: You can use the same commands that you use locally to build and test your code using Swift. This example demonstrates how to use `swift build` and `swift test` in a job:
```yaml copy ```yaml copy
{% data reusables.actions.actions-not-certified-by-github-comment %}
steps: steps:
- uses: {% data reusables.actions.action-checkout %} - uses: {% data reusables.actions.action-checkout %}
- uses: swift-actions/setup-swift@65540b95f51493d65f5e59e97dcef9629ddf11bf - uses: swift-actions/setup-swift@65540b95f51493d65f5e59e97dcef9629ddf11bf

1
content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom.md
View File

@@ -88,6 +88,7 @@ This example demonstrates using the `actions-sync` tool to sync an individual ac
1. After the action repository is created in your enterprise, people in your enterprise can use the destination repository to reference the action in their workflows. For the example action shown above: 1. After the action repository is created in your enterprise, people in your enterprise can use the destination repository to reference the action in their workflows. For the example action shown above:
```yaml ```yaml
{% data reusables.actions.actions-not-certified-by-github-comment %}
uses: synced-actions/actions-stale@v1 uses: synced-actions/actions-stale@v1
``` ```

1
content/code-security/dependabot/troubleshooting-dependabot/troubleshooting-dependabot-on-github-actions.md
View File

@@ -55,6 +55,7 @@ To access a private container registry on AWS with a user name and password, a w
In this example, when {% data variables.product.prodname_dependabot %} triggers the workflow, the {% data variables.product.prodname_dependabot %} secrets with the names `READONLY_AWS_ACCESS_KEY_ID` and `READONLY_AWS_ACCESS_KEY` are used. If another actor triggers the workflow, the actions secrets with those names are used. In this example, when {% data variables.product.prodname_dependabot %} triggers the workflow, the {% data variables.product.prodname_dependabot %} secrets with the names `READONLY_AWS_ACCESS_KEY_ID` and `READONLY_AWS_ACCESS_KEY` are used. If another actor triggers the workflow, the actions secrets with those names are used.
```yaml copy ```yaml copy
{% data reusables.actions.actions-not-certified-by-github-comment %}
name: CI name: CI
on: on:
pull_request: pull_request:

4
content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md
View File

@@ -53,6 +53,7 @@ Example:
{% raw %} {% raw %}
```yaml copy ```yaml copy
{% data reusables.actions.actions-not-certified-by-github-comment %}
name: Dependabot fetch metadata name: Dependabot fetch metadata
on: pull_request on: pull_request
@@ -89,6 +90,7 @@ Example that flags all production dependency updates with a label:
{% raw %} {% raw %}
```yaml copy ```yaml copy
{% data reusables.actions.actions-not-certified-by-github-comment %}
name: Dependabot auto-label name: Dependabot auto-label
on: pull_request on: pull_request
@@ -124,6 +126,7 @@ Example:
{% raw %} {% raw %}
```yaml copy ```yaml copy
{% data reusables.actions.actions-not-certified-by-github-comment %}
name: Dependabot auto-approve name: Dependabot auto-approve
on: pull_request on: pull_request
@@ -160,6 +163,7 @@ You can instead use {% data variables.product.prodname_actions %} and the {% dat
{% raw %} {% raw %}
```yaml copy ```yaml copy
{% data reusables.actions.actions-not-certified-by-github-comment %}
name: Dependabot auto-merge name: Dependabot auto-merge
on: pull_request on: pull_request

2
content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md
View File

@@ -50,7 +50,7 @@ If you have external tools which create or manage Software Bills of Materials (S
For example, the following [SPDX Dependency Submission Action](https://github.com/marketplace/actions/spdx-dependency-submission-action) workflow calculates the dependencies for a repository, generates an exportable SBOM in SPDX 2.2 format, and submits it to the {% data variables.dependency-submission-api.name %}. For example, the following [SPDX Dependency Submission Action](https://github.com/marketplace/actions/spdx-dependency-submission-action) workflow calculates the dependencies for a repository, generates an exportable SBOM in SPDX 2.2 format, and submits it to the {% data variables.dependency-submission-api.name %}.
```yaml ```yaml
{% data reusables.actions.actions-not-certified-by-github-comment %}
name: SBOM upload name: SBOM upload
on: on:

1
content/copilot/how-tos/use-copilot-agents/coding-agent/extend-coding-agent-with-mcp.md
View File

@@ -208,6 +208,7 @@ To use the Azure DevOps MCP server with {% data variables.copilot.copilot_coding
1. Add an Azure login step to the `copilot-setup-steps` workflow job. 1. Add an Azure login step to the `copilot-setup-steps` workflow job.
```yaml copy ```yaml copy
{% data reusables.actions.actions-not-certified-by-github-comment %}
on: on:
workflow_dispatch: workflow_dispatch:
permissions: permissions: