Add dynamic security workflow and update SECURITY.md

At thoughtbot, we'd like to have a unified approach to security issues within our projects. This dynamic workflow will update Clearance's SECURITY.md with any changes made to SECURITY.md in the thoughtbot/templates repo.
thoughtbot · Jul 19, 2024 · 5a5a625 · 5a5a625
1 parent c5c3032
commit 5a5a625
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 16 deletions.
diff --git a/.github/workflows/dynamic-security.yml b/.github/workflows/dynamic-security.yml
@@ -0,0 +1,19 @@
+name: update-security
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - SECURITY.md
+  workflow_dispatch:
+
+jobs:
+  update-security:
+    permissions:
+      contents: write
+      pull-requests: write
+      pages: write
+    uses: thoughtbot/templates/.github/workflows/dynamic-security.yaml@main
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/SECURITY.md b/SECURITY.md
@@ -1,16 +1,2 @@
-# Security Policy
-
-## Supported Versions
-
-We will provide security updates for the latest 3 versions.
-
-| Version | Security updates |
-| - | - |
-| 2.7.x   | ✅ |
-| 2.6.x   | ✅ |
-| 2.5.x   | ✅ |
-| < 2.5.0 | :x: |
-
-## Reporting a Vulnerability
-
-You can contact <[email protected]>. See <https://thoughtbot.com/security> for more information about our security policy.
+<!-- START /templates/security.md -->
+<!-- END /templates/security.md -->