diff --git a/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-aws.md b/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-aws.md index 4099d3209647..9d78780f25a6 100644 --- a/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-aws.md +++ b/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-aws.md @@ -141,6 +141,7 @@ The `aws-actions/configure-aws-credentials` action receives a JWT from the {% da # Sample workflow to access AWS resources when workflow is tied to branch # The workflow creates a static website using Amazon S3 {% data reusables.actions.actions-not-certified-by-github-comment %} +{% data reusables.actions.actions-use-sha-pinning-comment %} name: AWS example workflow on: push diff --git a/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-azure.md b/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-azure.md index 5708cfe7f55d..df4a276e630c 100644 --- a/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-azure.md +++ b/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-azure.md @@ -81,6 +81,7 @@ The following example exchanges an OIDC ID token with Azure to receive an access ```yaml copy {% data reusables.actions.actions-not-certified-by-github-comment %} +{% data reusables.actions.actions-use-sha-pinning-comment %} name: Run Azure Login with OIDC on: [push] diff --git a/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-google-cloud-platform.md b/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-google-cloud-platform.md index 5366b5acb3ee..8e048ca84cb7 100644 --- a/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-google-cloud-platform.md +++ b/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-google-cloud-platform.md 
@@ -82,6 +82,7 @@ This action exchanges a {% data variables.product.prodname_dotcom %} OIDC token ```yaml copy {% data reusables.actions.actions-not-certified-by-github-comment %} +{% data reusables.actions.actions-use-sha-pinning-comment %} name: List services in GCP on: pull_request: diff --git a/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-hashicorp-vault.md b/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-hashicorp-vault.md index b2a016ef6461..a987c22dca2d 100644 --- a/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-hashicorp-vault.md +++ b/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-hashicorp-vault.md @@ -129,6 +129,7 @@ This example demonstrates how to create a job that requests a secret from HashiC ```yaml copy {% data reusables.actions.actions-not-certified-by-github-comment %} +{% data reusables.actions.actions-use-sha-pinning-comment %} jobs: retrieve-secret: runs-on: ubuntu-latest @@ -163,6 +164,7 @@ By default, the Vault server will automatically revoke access tokens when their ```yaml copy {% data reusables.actions.actions-not-certified-by-github-comment %} +{% data reusables.actions.actions-use-sha-pinning-comment %} jobs: retrieve-secret: runs-on: ubuntu-latest diff --git a/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-pypi.md b/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-pypi.md index d659744c9677..026106ee0819 100644 --- a/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-pypi.md +++ b/content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-pypi.md 
@@ -56,6 +56,7 @@ The following example uses the `pypa/gh-action-pypi-publish` action to exchange ```yaml copy {% data reusables.actions.actions-not-certified-by-github-comment %} +{% data reusables.actions.actions-use-sha-pinning-comment %} jobs: release-build: runs-on: ubuntu-latest
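Review bot: In oidc-in-aws.md (hunk @@ -141,6 +141,7) the added `actions-use-sha-pinning-comment` line lands below two hand-written `#` description comments, whereas in the Azure, GCP, Vault and PyPI hunks the two reusable comments are the first lines of the YAML block. Consider moving `# Sample workflow to access AWS resources when workflow is tied to branch` and `# The workflow creates a static website using Amazon S3` below both reusables so the rendered header order is the same in every sample.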
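Review bot: The added line in oidc-in-pypi.md (hunk @@ -56,6 +56,7) and in oidc-in-aws.md puts a SHA-pinning comment, judging by the reusable's name, at the top of samples that call `pypa/gh-action-pypi-publish` and `aws-actions/configure-aws-credentials`, but the `uses:` lines for those actions are outside the visible context. Please confirm that every third-party `uses:` reference in all six samples is a full commit SHA rather than a tag or branch, and update any that are not in this same change, so the samples do not contradict the comment placed above them.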
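Review bot: Both oidc-in-hashicorp-vault.md hunks (@@ -129,6 +129,7 and @@ -163,6 +164,7), like the other four files, reference `{% data reusables.actions.actions-use-sha-pinning-comment %}`, yet the reusable's definition is not among the files touched in this diff. If the reusable is new it needs to be added in this change, otherwise the tag will not resolve when the pages render; if it already exists, noting that in the description would save the next reviewer the lookup.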