summaryrefslogtreecommitdiff
path: root/pkgs/development/python-modules/python-openstackclient/git@git.tavy.me:nixos
diff options
context:
space:
mode:
authorWolfgang Walther <walther@technowledgy.de>2025-11-01 12:51:27 +0100
committerWolfgang Walther <walther@technowledgy.de>2025-11-01 12:51:27 +0100
commit9718f2952f51307a2800c2869a49162f5c121dce (patch)
tree8bd0d9cd4082f6199ffd29cb016c69ea03563603 /pkgs/development/python-modules/python-openstackclient/git@git.tavy.me:nixos
parent0b1deb8cc66468e63f07ff1b02334ef5c2bdcaf0 (diff)
workflows/check: run codeowners validator from trusted checkout
In f7d6d11e8e8e046faaa6fbc55c2c1312e967cf04 I wrongly assumed that running from the untrusted checkout should be fine for the codeowners validator, because we removed all the logic for privileged tokens. However, this job also contains access to the cachix secret, which could be used to push malicious code to cachix, which would then be pulled by a more privileged workflow like reviewers.yml later.
Diffstat (limited to 'pkgs/development/python-modules/python-openstackclient/git@git.tavy.me:nixos')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-27 14:06:52 +0000