veilor-org/veilor-os
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions 1

ci: TODO marker for SHA-pinning third-party actions
Some checks failed
Lint / Kickstart syntax (pull_request) Failing after 3s
Details
Lint / Shell scripts (pull_request) Failing after 38s
Details
Lint / No personal/onyx leaks (pull_request) Failing after 11m14s
Details

Browse source 
Note that all `uses:` directives still resolve to mutable major-
version tags. SHA-pinning is the Agent 8 audit recommendation but
requires per-action web lookups that stalled the previous SRE
attempt; tracked separately so this PR can land first.
This commit is contained in:
veilor-org 2026-05-06 10:41:19 +01:00
parent 84275e2515
commit b74ef5005d
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/build-iso.yml vendored
View file

@ -1,3 +1,5 @@
# TODO: SHA-pin all uses: tags to commit SHAs (Agent 8 audit recommendation).
# Tracked separately so this PR can land without long web lookups.
name: Build veilor-os ISO
on: