Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Github Workflow cleanup#26193

Merged
TravisEz13 merged 2 commits into
PowerShell:masterPowerShell/PowerShell:masterfrom
TravisEz13:gh-workflow-cleanupTravisEz13/PowerShell:gh-workflow-cleanupCopy head branch name to clipboard
Oct 15, 2025
Merged

Github Workflow cleanup#26193
TravisEz13 merged 2 commits into
PowerShell:masterPowerShell/PowerShell:masterfrom
TravisEz13:gh-workflow-cleanupTravisEz13/PowerShell:gh-workflow-cleanupCopy head branch name to clipboard

Conversation

@TravisEz13

@TravisEz13 TravisEz13 commented Oct 14, 2025

Copy link
Copy Markdown
Member

PR Summary

This pull request removes several GitHub Actions workflow files related to automation and continuous integration, and updates scripts to pin downloads to a specific commit for enhanced security. The main focus is on cleaning up unused or deprecated workflows and improving the security posture by ensuring scripts are fetched from a known commit.

Workflow cleanup and deprecation:

  • Deleted multiple GitHub Actions workflow files, including those for auto-assigning PR maintainers (AssignPrs.yml), creating and processing reminders (createReminders.yml, processReminders.yml), and markdown link checking (markdownLink.yml, markdownLinkDaily.yml). This removes automation for PR assignment, reminders, and markdown validation. [1] [2] [3] [4] [5]

Security improvements:

  • Updated tools/download.sh to pin the download of install-powershell.sh to a specific commit (26bb188c8be0cda6cb548ce1a12840ebf67e1331) for compliance with OpenSSF Scorecard requirements, ensuring that scripts are fetched from a trusted and immutable source.
  • Modified tools/install-powershell.sh to use the same pinned commit for downloading resources, further enforcing script integrity and traceability.

PR Context

  • Remove use of 3rd party GitHub actions in Pull Request workflows
  • Fix other security issues

PR Checklist

@TravisEz13 TravisEz13 requested review from a team and jshigetomi as code owners October 14, 2025 21:14
@xtqqczze

xtqqczze commented Oct 15, 2025

Copy link
Copy Markdown
Contributor

Super-linter is maintained by @zkoppert who works for GitHub, so isn't this a first party action?

@daxian-dbw daxian-dbw added the CL-BuildPackaging Indicates that a PR should be marked as a build or packaging change in the Change Log label Oct 15, 2025
@TravisEz13

TravisEz13 commented Oct 15, 2025

Copy link
Copy Markdown
Member Author

/azp run PowerShell-CI-linux-packaging, PowerShell-Windows-Packaging-CI

@azure-pipelines

azure-pipelines Bot commented Oct 15, 2025

Copy link
Copy Markdown
Azure Pipelines could not run because the pipeline triggers exclude this branch/path.

@TravisEz13 TravisEz13 added the Compliance Related to compliance requirements label Oct 15, 2025
@TravisEz13 TravisEz13 enabled auto-merge (squash) October 15, 2025 19:33
@TravisEz13 TravisEz13 merged commit 0e90b57 into PowerShell:master Oct 15, 2025
35 of 36 checks passed
@TravisEz13 TravisEz13 deleted the gh-workflow-cleanup branch October 15, 2025 19:33
@microsoft-github-policy-service

microsoft-github-policy-service Bot commented Oct 15, 2025
edited by unfurl-links Bot
Loading

Copy link
Copy Markdown
Contributor

📣 Hey @@TravisEz13, how did we do? We would love to hear your feedback with the link below! 🗣️

🔗 https://aka.ms/PSRepoFeedback

@TravisEz13

TravisEz13 commented Oct 17, 2025
edited
Loading

Copy link
Copy Markdown
Member Author

#26219 Created to add some functionality back

pwshBot pushed a commit to pwshBot/PowerShell that referenced this pull request Oct 29, 2025
@TravisEz13 @pwshBot
Cherry-pick PR PowerShell#26193 with conflicts for manual resolution
1897fa3
@pwshBot pwshBot mentioned this pull request Oct 29, 2025
Merged
9 tasks
TravisEz13 added a commit to TravisEz13/PowerShell that referenced this pull request Nov 5, 2025
@TravisEz13
Github Workflow cleanup (PowerShell#26193)
c86bd6a
@TravisEz13 TravisEz13 mentioned this pull request Nov 5, 2025
Merged
6 tasks
TravisEz13 added a commit to TravisEz13/PowerShell that referenced this pull request Nov 13, 2025
@TravisEz13
Github Workflow cleanup (PowerShell#26193)
9f9a89b
@TravisEz13 TravisEz13 mentioned this pull request Nov 13, 2025
Merged
9 tasks
SIRMARGIN pushed a commit to SIRMARGIN/PowerShell that referenced this pull request Dec 12, 2025
@TravisEz13 @SIRMARGIN
Github Workflow cleanup (PowerShell#26193)
48ff076
kilasuit pushed a commit to kilasuit/PowerShell that referenced this pull request Jan 2, 2026
@TravisEz13 @kilasuit
Github Workflow cleanup (PowerShell#26193)
44ff40e
JustinGrote pushed a commit to JustinGrote/PowerShell that referenced this pull request Jun 2, 2026
@TravisEz13 @JustinGrote
Github Workflow cleanup (PowerShell#26193)
9c865c9
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adityapatwardhan adityapatwardhan adityapatwardhan approved these changes

@jshigetomi jshigetomi Awaiting requested review from jshigetomi jshigetomi is a code owner

Assignees

No one assigned

Labels

Backport-7.4.x-Done Backport-7.5.x-Done Backport-7.6.x-Done CL-BuildPackaging Indicates that a PR should be marked as a build or packaging change in the Change Log Compliance Related to compliance requirements

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@TravisEz13 @xtqqczze @adityapatwardhan @daxian-dbw
Morty Proxy This is a proxified and sanitized view of the page, visit original site.