Update InstructLab organization's Settings->Actions->General to limit action usage

[bjhargrave]

Given the policy in #45, we need to update the organization settings to enforce the allowed providers of actions.

Once #45 is approved and merged, and a full audit of existing GitHub action usage is complete, the organization settings need to configured.

[russellb]

@bjhargrave does the list you have in #45 cover all currently used actions across all repos? Otherwise, it seems like we can't do the configuration until we know it doesn't break anything. Starting with everything currently in use seems fine though

[bjhargrave]

@bjhargrave does the list you have in #45 cover all currently used actions across all repos?

It is not exhaustive. There are other repos in the org which I will need to survey. This issue is to capture the need to update org settings when we have a final list.

[russellb]

Thanks, @bjhargrave . Can you make a small edit to clarify, something like:

Once #45 is approved and merged, the organization settings need to configured.

to

Once #45 is approved and merged and a full audit of existing github action usage is complete, the organization settings need to configured.

I just wanted to clarify that the audit is still a to-do item before we can update settings.

[nathan-weinberg]

Has this been done?

[russellb]

Has this been done?

fairly certain thee audit is not complete?

[github-actions]

This issue has been automatically marked as stale because it has not had activity within 90 days. It will be automatically closed if no further activity occurs within 30 days.

[nathan-weinberg]

@instructlab/oversight-committee please confirm if this is done and close it if it is

[jjasghar]

It looks like we do not have an allow list of actions done yet. You can use any action or reuseable workflow: