Github actions failing due to tj-actions hack

[jnellis]

@MartinThoma

Sync'ed forks just now and noticed actions are failing due to some hack on tj-actions yesterday.

https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised

[coding-horror]

What can we do to fix this? PR? Thank you!

[jnellis]

I suppose you could disable those workflows. Not sure if new forks would inherit disabled workflows.

https://docs.github.com/en/actions/how-tos/manage-workflow-runs/disable-and-enable-workflows

My pr would just delete all those github actions. We can try to ping the author again I suppose @MartinThoma, but will it break again in the future?

It looks like github pages deployment is failing as well, that's the web page to run the javascript submission variants in your browser.

https://github.com/coding-horror/basic-computer-games/actions/runs/17820003885

Something about No url found for submodule path 'basic-computer-games-gradle' in .gitmodules. Looking at pages deployment history you have to page by hand to where it starts failing (I didn't have the patience), but my guess it started when we axed that one guys grand architect schemes of forcing gradle on everyone, which was quite awhile ago.

You can fix that in settings->pages I guess. Forks don't have pages setup (at least not mine but it was forked before that was turned on I think.) I don't know enough about how github works with forking projects if it brings over github settings as well.

[coding-horror]

when we axed that one guys grand architect schemes

🤣 it's always that one guy!

I'll take a look, thank you. 💛