molecule-ai/molecule-ai-workspace-runtime
35
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
molecule-ai-workspace-runtime/.github
History
security-auditor a96f696ffb
All checks were successful
ci / mirror-guard (push) Successful in 4s
Details
Secret scan / Scan diff for credential-shaped strings (push) Successful in 6s
Details
fix(ci): inline secret-scan body, drop cross-repo uses: of private molecule-core 
The 3-line wrapper at .github/workflows/secret-scan.yml referenced
`uses: molecule-ai/molecule-core/.github/workflows/secret-scan.yml@staging`.
molecule-core is private; act_runner clones cross-repo reusable
workflows anonymously, so the resolve fails at 0s with no logs.

Same root cause + same fix that molecule-controlplane already shipped
(see its secret-scan.yml comment block lines 10-22). Inlining keeps
the gate functional until Gitea is upgraded or the canonical scanner
moves to a public repo. When either lands, this file reverts to the
3-line wrapper.

Refs: internal#46 Phase 3 Class 2.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-07 02:29:03 -07:00
..
workflows fix(ci): inline secret-scan body, drop cross-repo uses: of private molecule-core 2026-05-07 02:29:03 -07:00