Skip to content

Feature/79895 Split build and release in two separate Github Actions jobs#26

Closed
bogdandina wants to merge 11 commits into
mainfrom
feature/79895_split-build-and-release-in-separate-jobs
Closed

Feature/79895 Split build and release in two separate Github Actions jobs#26
bogdandina wants to merge 11 commits into
mainfrom
feature/79895_split-build-and-release-in-separate-jobs

Conversation

@bogdandina
Copy link
Copy Markdown
Contributor

@bogdandina bogdandina commented May 19, 2026

No description provided.

bogdandina and others added 7 commits May 19, 2026 22:43
@bogdandina @claude
feat(79894): add zizmor workflow security audit and pin all action SHAs
f1bfe06 
Add a zizmor job to ci.yml that runs on every PR and push to main,
auditing all workflow files for unpinned actions, template injection,
excessive permissions, and other insecure patterns via
zizmorcore/zizmor-action (SARIF results uploaded to GitHub Security tab).

Pin every uses: reference across all four shared workflows to an
immutable commit SHA with a human-readable version comment, eliminating
the supply-chain risk of mutable tags being silently redirected to
malicious commits.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@bogdandina
feat(79897): fix security alerts
252d354
@bogdandina
feat(79897): fix TS cache poison issue
f41e8bb
@bogdandina
feat(79897): one more fix for cache poisoning issue
bed8a86
@bogdandina
feat(79896): disable cache usage
c06b655
@bogdandina
feat(79897): fix
48e333e
@bogdandina
feat(79895): split job in ci & cd
32395d3
@bogdandina bogdandina requested a review from haphut May 19, 2026 20:23
github-advanced-security[bot]
github-advanced-security AI found potential problems May 19, 2026
View reviewed changes
Comment thread .github/workflows/ci-cd-java.yml Fixed
Comment thread .github/workflows/ci-cd-kotlin.yml Fixed
Comment thread .github/workflows/ci-cd-typescript.yml Fixed
haphut
haphut reviewed May 21, 2026
View reviewed changes
Comment thread .github/workflows/ci-cd-java.yml
haphut
haphut reviewed May 21, 2026
View reviewed changes
Comment thread .github/workflows/ci-cd-typescript.yml
haphut
haphut approved these changes May 21, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@haphut haphut left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great job! I'm approving even though I'd like to see some changes. If you agree with the changes, you can merge after them. Otherwise let's discuss.

@haphut
Copy link
Copy Markdown
Contributor

haphut commented May 21, 2026

I think you can close the Zizmor PR as the commits are already here, as you mentioned, and they look fine as well.

@bogdandina bogdandina closed this May 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@haphut haphut haphut approved these changes

+1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bogdandina @haphut @github-advanced-security