Commit b87b443
committed
chore: harden validation workflow and add SECURITY.md
what:
- SHA-pin actions/checkout@v6 in both validation jobs
- Pin awesome-lint to 2.3.0 instead of using latest through npx
- Add push trigger and broaden path filters to include criteria,
contributing, SECURITY.md, workflow, and validation script changes
- Remove unused pip install pyyaml and use explicit python3
- Add SECURITY.md with vulnerability reporting and signing-boundary note
why: Reduce CI supply-chain drift, ensure validation runs when its own
rules change, remove dead dependency setup, and document the
repo's vulnerability reporting path.1 parent f41e6f0 commit b87b443
2 files changed
Lines changed: 42 additions & 7 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
7 | 16 | | |
8 | 17 | | |
9 | | - | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
10 | 25 | | |
11 | 26 | | |
12 | 27 | | |
| |||
15 | 30 | | |
16 | 31 | | |
17 | 32 | | |
18 | | - | |
| 33 | + | |
19 | 34 | | |
20 | | - | |
| 35 | + | |
21 | 36 | | |
22 | 37 | | |
23 | 38 | | |
24 | 39 | | |
25 | 40 | | |
26 | 41 | | |
27 | | - | |
28 | | - | |
29 | | - | |
| 42 | + | |
30 | 43 | | |
31 | | - | |
| 44 | + | |
32 | 45 | | |
33 | 46 | | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
0 commit comments