harald/zeroclaw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3

Merge pull request #432 from zeroclaw-labs/selfhost-blacksmith

Browse source
This commit is contained in:
Will Sarg 2026-02-16 16:24:19 -05:00 committed by GitHub
commit 98bf7593f5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 7 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

10
docs/actions-source-policy.md
View file

@ -22,6 +22,7 @@ Selected allowlist patterns:
- `rhysd/actionlint@*` - `rhysd/actionlint@*`
- `softprops/action-gh-release@*` - `softprops/action-gh-release@*`
- `sigstore/cosign-installer@*` - `sigstore/cosign-installer@*`
- `useblacksmith/*` (Blacksmith self-hosted runner infrastructure)
## Change Control Export ## Change Control Export
@ -71,10 +72,13 @@ Failure mode to watch for:
If encountered, add only the specific trusted missing action, rerun, and document why. If encountered, add only the specific trusted missing action, rerun, and document why.
Latest sweep note (2026-02-16): Latest sweep notes:
- Hidden dependency discovered in `release.yml`: `sigstore/cosign-installer@...` - 2026-02-16: Hidden dependency discovered in `release.yml`: `sigstore/cosign-installer@...`
- Added allowlist pattern: `sigstore/cosign-installer@*` - Added allowlist pattern: `sigstore/cosign-installer@*`
- 2026-02-16: Blacksmith migration blocked workflow execution
- Added allowlist pattern: `useblacksmith/*` for self-hosted runner infrastructure
- Actions: `useblacksmith/setup-docker-builder@v1`, `useblacksmith/build-push-action@v2`
## Rollback ## Rollback