[codex] Restrict GitHub Actions triggers #2290

Draft
davidpayip wants to merge 2 commits into nexu-io:main from davidpayip:codex/gha-trigger-policy

@davidpayip

Summary

  • Restricts branch-based GitHub Actions triggers to development, test, and main.
  • Removes security scan execution from promotion branches where applicable.
  • Keeps test/main promotion workflows available without rerunning development security checks.

Validation

  • Parsed all workflow YAML in the changed worktree with PyYAML.
  • Ran the branch trigger policy scan and confirmed zero remaining branch/tag trigger violations in the targeted worktree.
  • Ran agent-final-check where the base checkout was clean; dirty base checkouts were preserved and edited only through isolated worktrees.

@lefarcen lefarcen requested a review from Siri-Ray May 19, 2026 16:39
@lefarcen lefarcen added size/XS PR changes <20 lines risk/high High risk: apps/desktop, daemon, auth, migration, workflows, package deps type/chore CI / build / config / tooling labels May 19, 2026
@davidpayip davidpayip closed this May 19, 2026
@davidpayip davidpayip reopened this May 19, 2026
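
A branch trigger policy check of the kind the description mentions, as an added example that is not code from this pull request or the nexu-io project. The allowed branch names come from the summary; the set of events checked, the violation rules, the function name `trigger_violations` and the sample workflows are assumptions, and the input is a workflow already parsed into a mapping (for instance by PyYAML's `yaml.safe_load`).

```python
ALLOWED = {"development", "test", "main"}  # branch names from the PR summary
BRANCH_EVENTS = {"push", "pull_request", "pull_request_target"}  # assumed scope


def trigger_violations(workflow):
    """Return policy violations for one parsed workflow mapping (assumed rules)."""
    # PyYAML follows YAML 1.1 and loads the bare key `on` as boolean True,
    # so look under both keys or the scan silently sees no triggers.
    triggers = workflow.get("on", workflow.get(True))
    if isinstance(triggers, str):          # on: push
        triggers = {triggers: None}
    elif isinstance(triggers, list):       # on: [push, pull_request]
        triggers = {name: None for name in triggers}
    elif not isinstance(triggers, dict):
        return ["no triggers found"]
    found = []
    for event, cfg in triggers.items():
        if event not in BRANCH_EVENTS:
            continue
        cfg = cfg or {}
        has_tags = "tags" in cfg or "tags-ignore" in cfg
        if has_tags:
            found.append(f"{event}: tag filter present")
        if "branches-ignore" in cfg:
            found.append(f"{event}: branches-ignore is a deny-list, not an allow-list")
        branches = cfg.get("branches")
        if branches is None and not has_tags and "branches-ignore" not in cfg:
            found.append(f"{event}: no branches filter, runs for every branch")
        if isinstance(branches, str):
            branches = [branches]
        for pattern in branches or []:
            # Exact match only: globs and negations can reach other branches.
            if pattern not in ALLOWED:
                found.append(f"{event}: branch pattern {pattern!r} not allowed")
    return found


# Constructed samples, shaped like yaml.safe_load() output for a workflow file.
SAMPLE_OK = {True: {"push": {"branches": ["development", "test", "main"]},
                    "workflow_dispatch": None}}
SAMPLE_BAD = {"on": {"push": {"branches": ["main", "release/**"], "tags": ["v*"]},
                     "pull_request": None}}

if __name__ == "__main__":
    for name, wf in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, trigger_violations(wf))
```
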

2 participants