ci: track gadfly's v1 release tag instead of a pinned sha #7
@@ -38,9 +38,10 @@ jobs:
|
|||||||
&& (github.actor == 'steve'
|
&& (github.actor == 'steve'
|
||||||
|| github.actor == 'fizi'
|
|| github.actor == 'fizi'
|
||||||
|| github.actor == 'dazed'))
|
|| github.actor == 'dazed'))
|
||||||
# Pinned to an immutable gadfly commit (not @main): a push to gadfly can't
|
# Tracks gadfly's v1 release tag — a curated pointer re-moved on each release
|
||||||
# silently change the code that runs with our forwarded secrets.
|
# (unlike @main, which moves on every push). Central swarm tuning propagates
|
||||||
uses: steve/gadfly/.gitea/workflows/review-reusable.yml@b02b11d69139843665da4cdbf776bc0b3583490d
|
# here automatically; the tradeoff vs a full sha pin is that v1 is mutable.
|
||||||
|
uses: steve/gadfly/.gitea/workflows/review-reusable.yml@v1
|
||||||
# Least privilege: forward only the review secrets (not `secrets: inherit`,
|
# Least privilege: forward only the review secrets (not `secrets: inherit`,
|
||||||
# which would expose every repo secret). GITEA_TOKEN is the automatic token.
|
# which would expose every repo secret). GITEA_TOKEN is the automatic token.
|
||||||
secrets:
|
secrets:
|
||||||
|
|||||||
Reference in New Issue
Block a user