openwork

eliott/openwork

Fork 0

mirror of https://github.com/different-ai/openwork synced 2026-04-26 01:25:10 +02:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Source Open	836499af34	Revert "security: harden release workflows against secret leakage (#1480 )" (#1501 ) This reverts commit `18b9b021a1`. Co-authored-by: src-opn <src-opn@users.noreply.github.com>	2026-04-20 10:56:51 -07:00
Source Open	18b9b021a1	security: harden release workflows against secret leakage (#1480 ) * security: harden release workflows against secret leakage Verify trusted refs before secret-bearing jobs, narrow secret scope, pin key actions, and remove the opencode agents workflow to reduce workflow attack surface. * security: drop third-party action pinning Keep the trusted ref gates and narrower secret exposure, but revert external GitHub Actions back to their tagged versions to avoid broad supply-chain hardening changes in this PR. * security: scope trusted release refs to dev Update the workflow trust gates to validate tags and manual refs only against origin/dev, matching this repository's actual protected branch layout. --------- Co-authored-by: src-opn <src-opn@users.noreply.github.com>	2026-04-17 14:53:06 -07:00
Source Open	12900a0b9e	feat(server-v2): add standalone runtime and SDK foundation (#1468 ) * feat(server-v2): add standalone runtime and SDK foundation * docs(server-v2): drop planning task checklists * build(server-v2): generate OpenAPI and SDK during dev * build(server-v2): generate API artifacts before builds * build(server-v2): drop duplicate root SDK generation * build(app): remove SDK generation hooks --------- Co-authored-by: src-opn <src-opn@users.noreply.github.com>	2026-04-17 09:54:26 -07:00

Source Open

836499af34

Revert "security: harden release workflows against secret leakage (#1480 )" (#1501 )

This reverts commit 18b9b021a1.

Co-authored-by: src-opn <src-opn@users.noreply.github.com>

2026-04-20 10:56:51 -07:00

Source Open

18b9b021a1

security: harden release workflows against secret leakage (#1480 )

* security: harden release workflows against secret leakage

Verify trusted refs before secret-bearing jobs, narrow secret scope, pin key actions, and remove the opencode agents workflow to reduce workflow attack surface.

* security: drop third-party action pinning

Keep the trusted ref gates and narrower secret exposure, but revert external GitHub Actions back to their tagged versions to avoid broad supply-chain hardening changes in this PR.

* security: scope trusted release refs to dev

Update the workflow trust gates to validate tags and manual refs only against origin/dev, matching this repository's actual protected branch layout.

---------

Co-authored-by: src-opn <src-opn@users.noreply.github.com>

2026-04-17 14:53:06 -07:00

Source Open

12900a0b9e

feat(server-v2): add standalone runtime and SDK foundation (#1468 )

* feat(server-v2): add standalone runtime and SDK foundation

* docs(server-v2): drop planning task checklists

* build(server-v2): generate OpenAPI and SDK during dev

* build(server-v2): generate API artifacts before builds

* build(server-v2): drop duplicate root SDK generation

* build(app): remove SDK generation hooks

---------

Co-authored-by: src-opn <src-opn@users.noreply.github.com>

2026-04-17 09:54:26 -07:00

3 Commits