fix(security): harden CodeQL secret ref validation

Remediate current-profile CodeQL findings for file SecretRef id validation and release workflow job permissions. Includes changelog credit. Thanks @vincentkoc.
Vincent Koc
2026-04-27 13:53:27 -07:00
committed by GitHub
parent f2ba8ca927
commit bd51f82efa
8 changed files with 91 additions and 5 deletions


@@ -55,6 +55,7 @@ jobs:
# WARNING: KEEP MANUAL BACKFILLS GATED BY THE docker-release ENVIRONMENT.
runs-on: ubuntu-24.04
environment: docker-release
permissions: {}
steps:
- name: Approve Docker backfill
env:
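
Review bot: please confirm that no step in this job needs the job token, because the `permissions: {}` line placed after `environment: docker-release` leaves GITHUB_TOKEN with no scopes at all. The visible context stops at the `env:` block of "Approve Docker backfill", so this hunk does not show whether a token is passed into that step; if it is, any API call it makes will fail once this lands. A one-line comment next to `permissions: {}` saying the approval job is gated only by the environment and needs no token would also keep a later editor from widening it by reflex, in the same spirit as the existing WARNING comment above `runs-on`.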


@@ -527,6 +527,7 @@ jobs:
- qa_live_telegram_release_checks
if: always()
runs-on: ubuntu-24.04
permissions: {}
timeout-minutes: 5
steps:
- name: Verify release check results
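
Review bot: the `permissions: {}` added between `runs-on` and `timeout-minutes` is applied per job, which means any job added to this workflow later falls back to the default token scopes unless someone remembers to repeat it. Consider setting an empty or read-only `permissions` block at the top level of the workflow and granting scopes only on the jobs that need them; this hunk does not show whether a top-level block already exists. Since the job runs under `if: always()`, it is also worth checking that "Verify release check results" relies only on the results of the jobs it depends on and not on an API call made with the token.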