|
|
bf920696ac
|
ci: harden workflow + add security scanning and format gates
CI / storybook-a11y (push) Successful in 4m3s
CI / backend (push) Successful in 1m1s
CI / codeql (csharp) (push) Failing after 39m18s
CI / codeql (javascript-typescript) (push) Failing after 1m22s
CI / frontend (push) Successful in 1m25s
CI / api-client-drift (push) Successful in 1m34s
- permissions: contents:read (least privilege), concurrency cancel,
scope push to main+tags (was: every branch, double-running with PRs),
per-job timeout-minutes.
- security: npm audit --omit=dev, CodeQL SAST (TS + C#), Dependabot
(npm/nuget/actions).
- format: npm run format:check + dotnet format --verify-no-changes.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
2026-07-03 13:39:31 +02:00 |
|