Commit 3bbcafb
fix(ci): remove run: steps from scorecard job, guard instant-sync secret
The OpenSSF webapp rejects scorecard results from jobs containing run:
steps. Moved the score-check run: step out of the scorecard job entirely
(the check-critical job already handles policy checks). Pinned actions to
CLAUDE.md standard SHAs. Added secret conditional guard to instant-sync
dispatch job so it skips gracefully when FARM_DISPATCH_TOKEN is absent.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>1 parent 284abe0 commit 3bbcafb
2 files changed
+7
-20
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
14 | 14 | | |
15 | 15 | | |
16 | 16 | | |
| 17 | + | |
17 | 18 | | |
18 | 19 | | |
19 | 20 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
19 | 19 | | |
20 | 20 | | |
21 | 21 | | |
22 | | - | |
| 22 | + | |
23 | 23 | | |
24 | 24 | | |
25 | 25 | | |
26 | 26 | | |
27 | | - | |
| 27 | + | |
28 | 28 | | |
29 | 29 | | |
30 | 30 | | |
31 | 31 | | |
32 | 32 | | |
33 | 33 | | |
34 | | - | |
| 34 | + | |
35 | 35 | | |
36 | 36 | | |
37 | 37 | | |
38 | | - | |
39 | | - | |
40 | | - | |
41 | | - | |
42 | | - | |
43 | | - | |
44 | | - | |
45 | | - | |
46 | | - | |
47 | | - | |
48 | | - | |
49 | | - | |
50 | | - | |
51 | | - | |
52 | | - | |
53 | | - | |
| 38 | + | |
| 39 | + | |
54 | 40 | | |
55 | 41 | | |
56 | 42 | | |
57 | | - | |
| 43 | + | |
58 | 44 | | |
59 | 45 | | |
60 | 46 | | |
| |||
0 commit comments