summaryrefslogtreecommitdiff
path: root/docs/_include
diff options
context:
space:
mode:
authorYuriy Andamasov <yuriy@vyos.io>2026-05-10 23:17:57 +0300
committerYuriy Andamasov <yuriy@vyos.io>2026-05-10 23:17:57 +0300
commit6a4a23e617e59aa6ed8ec6ab72bb1675f57e8741 (patch)
tree9a2a2361bc669758a8570f4a635a283a2aa6208e /docs/_include
parenta187cf9081edc3bc1bc06f4f441192976c4ee383 (diff)
downloadvyos-documentation-6a4a23e617e59aa6ed8ec6ab72bb1675f57e8741.tar.gz
vyos-documentation-6a4a23e617e59aa6ed8ec6ab72bb1675f57e8741.zip
Revert "ci: prepare on GitHub-hosted ubuntu" — Debian self-hosted only
User direction: GitHub-hosted ubuntu-latest is not available in this environment. The runner pool is Debian 12 self-hosted (web-runner-01, web-runner-02). prepare must run there too. Pushing back on Copilot's defense-in-depth finding (line 35) with explicit threat-model reasoning documented in the workflow comment: - prepare does not execute fork code. Only git fetch / git diff / git show / file reads. No pip install, no npm install, no build, no test. Adding any of these would require a deliberate code change in this file that a reviewer must approve. - No secrets are referenced in prepare. Even a presence-check would leak the value into the runner environment. - persist-credentials: false on the merge-ref checkout keeps the default GITHUB_TOKEN out of fork-readable .git/config. - The atos-actions/clean-self-hosted-runner step (`if: always()`) wipes the workspace after every job regardless of exit state. The split-job artifact still bridges the trust boundary to validate. validate remains the only place where secrets are referenced. The skip-notice `gh pr comment` step from a22df7d is preserved — that's an independent discoverability improvement. 🤖 Generated by [robots](https://vyos.io)
Diffstat (limited to 'docs/_include')
0 files changed, 0 insertions, 0 deletions