fix: restrict push branches in workflows to only main

GitHub Actions
2026-02-26 04:31:52 +00:00
parent fb5fdb8c4e
commit 82d18f11a5
4 changed files with 5 additions and 3 deletions


@@ -116,8 +116,8 @@ ensure_event_branches_semantic \
ensure_event_branches_semantic \
"$CODEQL_WORKFLOW" \
"push" \
"branches: [main, nightly, development, 'feature/**', 'fix/**']" \
"main" "nightly" "development" "feature/**" "fix/**" || fail "codeql.yml push branches must be [main, nightly, development, 'feature/**', 'fix/**']"
"branches: [main]" \
"main" || fail "codeql.yml push branches must be [main]"
grep -Fq 'queries: security-and-quality' "$CODEQL_WORKFLOW" || fail "codeql.yml must pin init queries to security-and-quality"
ensure_task_command "$TASKS_FILE" "Security: CodeQL Go Scan (CI-Aligned) [~60s]" "bash scripts/pre-commit-hooks/codeql-go-scan.sh" || fail "Missing or mismatched CI-aligned Go CodeQL task (label+command)"
ensure_task_command "$TASKS_FILE" "Security: CodeQL JS Scan (CI-Aligned) [~90s]" "bash scripts/pre-commit-hooks/codeql-js-scan.sh" || fail "Missing or mismatched CI-aligned JS CodeQL task (label+command)"
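Review bot: Narrowing the expected push trigger to `main` on the two added lines means pushes to `nightly`, `development` and the `feature/**`/`fix/**` branches are no longer required to run CodeQL, and this guard does not assert that a `pull_request` trigger still covers those changes before merge. If the workflow relies on `pull_request` for that coverage, add a sibling assertion such as `ensure_event_branches_semantic "$CODEQL_WORKFLOW" "pull_request" "branches: [main]" "main" || fail "codeql.yml pull_request branches must be [main]"` (expected list constructed here, align it with the workflow) so the scan gap cannot widen silently. The literal `"branches: [main]"` is also less distinctive than the old list; whether `ensure_event_branches_semantic` scopes its match to the `push:` stanza or would accept the same line under another event is not visible in this hunk, so it is worth confirming. The guard script's body continues outside the hunk, and the other three changed files are not shown here.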