harald/zeroclaw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3

docs(actions-source-policy): update allowlist for Blacksmith self-hosted runner infrastructure

Browse source
This commit is contained in:
Will Sarg 2026-02-16 16:23:47 -05:00
parent 081866845f
commit a1e0c566d5
1 changed files with 7 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

10
docs/actions-source-policy.md
View file

@ -22,6 +22,7 @@ Selected allowlist patterns:
- `rhysd/actionlint@*`
- `softprops/action-gh-release@*`
- `sigstore/cosign-installer@*`
- `useblacksmith/*` (Blacksmith self-hosted runner infrastructure)
## Change Control Export
@ -71,10 +72,13 @@ Failure mode to watch for:
If encountered, add only the specific trusted missing action, rerun, and document why.
Latest sweep note (2026-02-16):
Latest sweep notes:
- Hidden dependency discovered in `release.yml`: `sigstore/cosign-installer@...`
- Added allowlist pattern: `sigstore/cosign-installer@*`
- 2026-02-16: Hidden dependency discovered in `release.yml`: `sigstore/cosign-installer@...`
- Added allowlist pattern: `sigstore/cosign-installer@*`
- 2026-02-16: Blacksmith migration blocked workflow execution
- Added allowlist pattern: `useblacksmith/*` for self-hosted runner infrastructure
- Actions: `useblacksmith/setup-docker-builder@v1`, `useblacksmith/build-push-action@v2`
## Rollback