GitHub Actions
6c99372c52
fix(ci): add workflow orchestration for supply chain verification
Resolves issue where supply-chain-verify.yml ran before docker-build.yml
completed, causing verification to skip on PRs because Docker image
didn't exist yet.
**Root Cause:**
Both workflows triggered independently on PR events with no dependency,
running concurrently instead of sequentially.
**Solution:**
Add workflow_run trigger to supply-chain-verify that waits for
docker-build to complete successfully before running.
**Changes:**
- Remove pull_request trigger from supply-chain-verify.yml
- Add workflow_run trigger for "Docker Build, Publish & Test"
- Add job conditional checking workflow_run.conclusion == 'success'
- Update tag determination to handle workflow_run context
- Extract PR number from workflow_run metadata
- Update PR comment logic for workflow_run events
- Add debug logging for workflow_run context
- Document workflow_run depth limitation
**Behavior:**
- PRs: docker-build → supply-chain-verify (sequential)
- Push to main: docker-build → supply-chain-verify (sequential)
- Failed builds: verification skipped (correct behavior)
- Manual triggers: preserved via workflow_dispatch
- Scheduled runs: preserved for weekly scans
**Security:**
- Workflow security validated: LOW risk
- workflow_run runs in default branch context (prevents privilege escalation)
- No secret exposure in logs or comments
- Proper input sanitization for workflow metadata
- YAML validation passed
- Pre-commit hooks passed
**Testing:**
- YAML syntax validated
- All references verified correct
- Regression testing completed (no breaking changes)
- Debug instrumentation added for validation
**Documentation:**
- Implementation summary created
- QA report with security audit
- Plan archived for reference
- Testing guidelines provided
Related: #461 (PR where issue was discovered)
Resolves: Supply chain verification skipping on PRs
Co-authored-by: GitHub Copilot <copilot@github.com>
2026-01-11 00:59:10 +00:00