ci: TODO marker for SHA-pinning third-party actions
Note that all `uses:` directives still resolve to mutable major-version tags. SHA-pinning is the Agent 8 audit recommendation but requires per-action web lookups that stalled the previous SRE attempt; tracked separately so this PR can land first.
parent
c1974fa6ed
commit
939a5b918c
1 changed files with 2 additions and 0 deletions
2
.github/workflows/build-iso.yml
vendored
|
|
@ -1,3 +1,5 @@
|
||||||
|
# TODO: SHA-pin all uses: tags to commit SHAs (Agent 8 audit recommendation).
|
||||||
|
# Tracked separately so this PR can land without long web lookups.
|
||||||
name: Build veilor-os ISO
|
name: Build veilor-os ISO
|
||||||
|
|
||||||
on:
|
on:
|
||||||
|
|
|
||||||
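Review bot: The TODO added at the top of build-iso.yml says the pinning is "Tracked separately" but gives no issue link or id, so nothing in the file leads a later reader to where it is tracked; add the reference to the comment. The second comment line ("so this PR can land without long web lookups") explains this PR rather than the workflow and will be stale as soon as it merges, so it belongs in the commit message only. The hunk shows no `uses:` lines, so the TODO does not say which actions are affected; naming them in the comment or in the tracking issue would make the remaining work checkable.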