core-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity
7c1a595776
molecule-core/.github/workflows
History
Molecule AI Core-DevOps 03689e3d9a ci: pin GitHub Actions by SHA instead of mutable tags 
- actions/checkout@v6 → @de0fac2e4500dabe0009e67214ff5f5447ce83dd (v6.0.2)
  in secret-pattern-drift.yml
- pypa/gh-action-pypi-publish@release/v1 →
  @cef221092ed1bacb1cc03d23a2d87d1d172e277b in publish-runtime.yml

Mutable action tags (e.g. @v6, @release/v1) can silently resolve to
different code over time, creating supply-chain risk. SHA-pinning
ensures the exact commit runs every time. Workspace Dockerfile was
already compliant (python:3.11-slim@sha256:...).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-10 07:55:39 +00:00
..
auto-tag-runtime.yml fix(ci): replace gh pr CLI with Gitea v1 REST in workflows + scripts (#75 class A) 2026-05-07 15:29:26 -07:00
block-internal-paths.yml
branch-protection-drift.yml ci(branch-protection): check-name parity gate (#144) 2026-05-07 14:42:50 -07:00
canary-staging.yml chore(canary): workflow_dispatch input keep_on_failure for log capture 2026-05-08 10:58:19 -07:00
canary-verify.yml fix(ci): migrate canary-verify from GHCR to ECR + add POST route smoke tests 2026-05-10 02:10:12 +00:00
cascade-list-drift-gate.yml
check-merge-group-trigger.yml [core-be-agent] fix(ci): replace gh api calls with Gitea-compatible alternatives 2026-05-09 23:10:07 +00:00
check-migration-collisions.yml
ci.yml [core-be-agent] fix(ci): replace gh api calls with Gitea-compatible alternatives 2026-05-09 23:10:07 +00:00
codeql.yml fix(ci): convert CodeQL workflow to no-op stub on Gitea (#156) 2026-05-07 14:26:57 -07:00
continuous-synth-e2e.yml
e2e-api.yml tech-debt: rename molecule-monorepo-net -> molecule-core-net 2026-05-09 20:51:48 +00:00
e2e-staging-canvas.yml chore(workflows): drop staging-branch triggers (Phase 3b of internal#81) 2026-05-08 13:08:51 +00:00
e2e-staging-external.yml chore(workflows): drop staging-branch triggers (Phase 3b of internal#81) 2026-05-08 13:08:51 +00:00
e2e-staging-saas.yml chore(workflows): drop staging-branch triggers (Phase 3b of internal#81) 2026-05-08 13:08:51 +00:00
e2e-staging-sanity.yml
handlers-postgres-integration.yml tech-debt: rename molecule-monorepo-net -> molecule-core-net 2026-05-09 20:51:48 +00:00
harness-replays.yml fix(ci): replace dorny/paths-filter with shell-based git diff (Gitea Actions compatibility) 2026-05-10 01:11:45 +00:00
lint-curl-status-capture.yml
pr-guards.yml fix(ci): close 3 chronic Gitea-Actions workflow flakes (closes #88) 2026-05-07 17:06:09 -07:00
promote-latest.yml
publish-canvas-image.yml
publish-runtime.yml ci: pin GitHub Actions by SHA instead of mutable tags 2026-05-10 07:55:39 +00:00
publish-workspace-server-image.yml chore(ci): retrigger publish-workspace-server-image after ECR repo create (#173) 2026-05-07 13:54:11 -07:00
railway-pin-audit.yml
redeploy-tenants-on-main.yml fix(ci): migrate canary-verify from GHCR to ECR + add POST route smoke tests 2026-05-10 02:10:12 +00:00
redeploy-tenants-on-staging.yml chore(workflows): drop staging-branch triggers (Phase 3b of internal#81) 2026-05-08 13:08:51 +00:00
runtime-pin-compat.yml
runtime-prbuild-compat.yml
secret-pattern-drift.yml ci: pin GitHub Actions by SHA instead of mutable tags 2026-05-10 07:55:39 +00:00
secret-scan.yml
sweep-aws-secrets.yml
sweep-cf-orphans.yml
sweep-cf-tunnels.yml
sweep-stale-e2e-orgs.yml
test-ops-scripts.yml