Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
91 commits
Select commit Hold shift + click to select a range
57b8293
feat: add interactive network approval and domain rejection
lukehinds Apr 25, 2026
2a744e0
fix: propagate approval decision to dedup waiters in network approval
klassm May 31, 2026
fe656d9
fix: always create ConfigWriter so Approve Always persists
klassm Jun 1, 2026
0c7a235
fix: check runtime filter before showing approval dialog
klassm Jun 4, 2026
7c76683
fix: network approval hardening — link-local, DNS rebinding, external…
klassm Jun 4, 2026
b2eda7e
refactor(network-policy): do not enable credentials by default in pro…
lukehinds Jun 1, 2026
6d1e714
feat(diagnostic): add profile option to suppress system service diagn…
lukehinds Jun 2, 2026
051a751
chore: release v0.61.0
lukehinds Jun 2, 2026
90c0c32
feat(profile): allow registry refs in profile extends (#1061)
lukehinds Jun 2, 2026
de9b9a1
chore: release v0.61.1
lukehinds Jun 2, 2026
b3a4997
chore(deps): bump rustls-native-certs from 0.8.3 to 0.8.4
dependabot[bot] Jun 2, 2026
56ee0ee
chore(deps): bump jsonschema from 0.46.4 to 0.46.5
dependabot[bot] Jun 2, 2026
67262e9
chore(deps): bump docker/setup-qemu-action from 4.0.0 to 4.1.0
dependabot[bot] Jun 2, 2026
ceae4e9
chore(deps): bump actions/checkout from 6.0.2 to 6.0.3
dependabot[bot] Jun 2, 2026
d748f7f
fix(proxy): deny-by-default when network.block is set (#1082)
caiocdcs Jun 5, 2026
85a3006
chore: release v0.61.2
lukehinds Jun 5, 2026
c18a83c
feat(packaging): add automated AUR package publishing (#917) (#1083)
sarovin Jun 6, 2026
9379a2e
Merge commit from fork
lukehinds Jun 7, 2026
b665f54
chore: release v0.62.0
lukehinds Jun 7, 2026
c092b8a
fix(aur): skip ssh-keyscan banner lines in host key check
sarovin Jun 7, 2026
1cc2b94
feat(pack-verification): skip pack verification on dry runs
lukehinds Jun 7, 2026
09a56a4
build: add copr source rpm packaging (#1075)
Doooooo0o Jun 7, 2026
3800f77
Remove env_clear from the session_hook subprocess
intentionally-left-nil Jun 4, 2026
b8e5758
chore(deps): bump hyper from 1.9.0 to 1.10.1
dependabot[bot] Jun 7, 2026
a26d3b7
chore(deps): bump cbindgen from 0.29.2 to 0.29.3
dependabot[bot] Jun 7, 2026
0b6e87e
chore(deps): bump x509-parser from 0.16.0 to 0.18.1
dependabot[bot] Jun 2, 2026
1521d47
fix: write cargo vendor config for copr srpms
Doooooo0o Jun 8, 2026
54fff0b
chore(deps): bump actions/checkout from 6.0.2 to 6.0.3
dependabot[bot] Jun 8, 2026
0255af4
docs: add copr installation instructions
Doooooo0o Jun 9, 2026
75c5160
refactor(audit): move audit integrity logic to nono crate
lukehinds Jun 9, 2026
3a7fb52
refactor(audit-ledger): move audit ledger logic to library crate
lukehinds Jun 9, 2026
5b6819b
fix(audit): address ledger review and clippy
lukehinds Jun 10, 2026
8e92e87
ci: use actions/attest
SequeI Jun 10, 2026
9c03906
fix: guard deduplicate() against inheriting procfs-remap originals …
scp7 Jun 8, 2026
4581a04
test(wsl2): fix has_landlock_network V4+ detection
scp7 Jun 8, 2026
58bf860
fix: replace stale nono.dev schema domains with nono.sh
mvanhorn Jun 10, 2026
3190a51
docs(cli-quickstart): add profile usage to quickstart guide
lukehinds Jun 6, 2026
c1d2224
refactor(profiles): standardize profile names with namespace
lukehinds Jun 10, 2026
5149587
feat(environment): add set_vars for static env injection (#1134)
panga Jun 13, 2026
f8e0749
Improve readme, which is underselling and not showing value (#1141)
lukehinds Jun 13, 2026
d8cadd9
docs(readme): update agent package publishing link (#1142)
lukehinds Jun 13, 2026
0f66fa0
docs(readme): refine project description and history (#1143)
lukehinds Jun 13, 2026
ef0192d
feat(keyring): add NONO_KEYRING_TIMEOUT_SECS for keychain access (#977)
caiocdcs Jun 13, 2026
1514ed7
docs(readme): update agent commands and enhance feature descriptions …
lukehinds Jun 13, 2026
939c0c9
docs: document diagnostics.suppress_system_services for macOS (#1076)…
SequeI Jun 13, 2026
d4943b9
refactor(pull_ui): remove sigstore provenance display (#1144)
lukehinds Jun 14, 2026
2dfc240
feat: add $PACK_DIR support to session_hooks for store pack support (…
intentionally-left-nil Jun 14, 2026
46ff63f
fix(cli): accept truthy env values for bool flags (#1136)
SequeI Jun 14, 2026
e6846cd
fix(linux): trap sendto/sendmsg to prevent AF_UNIX datagram bypass (#…
caiocdcs Jun 14, 2026
f280824
chore(project): add new issue template for agent package requests (#1…
lukehinds Jun 15, 2026
4d58302
fix: report the actual blocked operation instead of the readable targ…
mvanhorn Jun 15, 2026
34062df
chore(deps): bump typify from 0.6.2 to 0.7.0 (#1156)
dependabot[bot] Jun 15, 2026
f49f45a
chore(deps): bump zeroize from 1.8.2 to 1.9.0 (#1157)
dependabot[bot] Jun 15, 2026
d4d125a
chore(deps): bump time from 0.3.47 to 0.3.49 (#1158)
dependabot[bot] Jun 15, 2026
5788382
chore(deps): bump chrono from 0.4.44 to 0.4.45 (#1159)
dependabot[bot] Jun 15, 2026
14cf690
chore(deps): bump ignore from 0.4.25 to 0.4.26 (#1160)
dependabot[bot] Jun 15, 2026
2c0e135
fix(proxy): keep connection open for reactive proxy auth on CONNECT (…
anugrahsinghal Jun 15, 2026
63c05cd
feat(cli): move runtime state to XDG state dirs (#1152)
SequeI Jun 15, 2026
e6b150e
refactor(diagnostic): move diagnostic UX out of core nono crate (#1155)
SequeI Jun 15, 2026
b1c321a
chore: release v0.63.0 (#1161)
SequeI Jun 15, 2026
d4627f7
chore: import agents.md inside claude.md (#1153)
SequeI Jun 15, 2026
0d5d435
fix(proxy): return 403 + audit for denied non-CONNECT requests (#1077)
caiocdcs Jun 16, 2026
60a803e
docs(quickstart): fix profiles link (#1168)
connrg Jun 16, 2026
68348cc
docs(install): add version check and COPR fallback note (#1169)
connrg Jun 16, 2026
31303ab
fix(diagnostic): replace deprecated nono learn with nono run (#1170)
connrg Jun 16, 2026
2551d1c
docs(networking): lead with the common cases (#1174)
connrg Jun 16, 2026
9ac6bd8
docs(credential-injection): fix broken Proxy Overrides anchor (#1177)
connrg Jun 16, 2026
b50f4d1
chore(deps): add 3-day Dependabot cooldown for cargo and github-actio…
SequeI Jun 17, 2026
08e57e2
docs(allow-cwd): clarify access level is profile-driven (#1180)
connrg Jun 17, 2026
7b7844f
chore(deps): bump which from 8.0.2 to 8.0.3 (#1181)
dependabot[bot] Jun 17, 2026
9efb1de
chore(deps): bump cbindgen from 0.29.3 to 0.29.4 (#1182)
dependabot[bot] Jun 17, 2026
f2d003b
fix(policy): allow go_runtime to readwrite go-build cache (#1173)
rnestler Jun 17, 2026
0143a88
fix(proxy): respect upstream_proxy in TLS CONNECT intercept path (#10…
caiocdcs Jun 17, 2026
c95a0eb
fix(proxy): stop allow_domain endpoint route from shadowing credentia…
panga Jun 17, 2026
6f52d3f
refactor(audit): move attestation logic to core library (#1148)
lukehinds Jun 17, 2026
6248df5
feat(output): show blocked macos grants in capability summary (#1178)
lukehinds Jun 17, 2026
2c3bf78
ci: run integration tests on ubuntu runner (#1185)
SequeI Jun 17, 2026
53a4acf
fix(cli): use XDG config paths consistently (#1179)
SequeI Jun 17, 2026
9b7412d
feat: [aws] implement aws_auth config (#1166)
intentionally-left-nil Jun 17, 2026
b06733c
Refactor forward_inner_request (#1192)
intentionally-left-nil Jun 18, 2026
a40a3ca
fix: proxy should activate with customCredentials set (#1197)
intentionally-left-nil Jun 18, 2026
266cef2
feat(update-check): discover ci environments on update (#1113)
lukehinds Jun 18, 2026
4b0f7dc
feat(diagnostics): expose structured diagnostics for library and FFI …
SequeI Jun 18, 2026
2e8ea99
fix(pty): ctrl-z hangs when running with a PTY (#1135)
caiocdcs Jun 18, 2026
ffb6af5
refactor(proxy): separate proxy intent from activation (#1199)
SequeI Jun 18, 2026
b3cbdb0
chore: release v0.64.0 (#1201)
SequeI Jun 18, 2026
fd46264
refactor(credentials): require explicit activation for custom credent…
lukehinds Jun 20, 2026
f4a9c63
chore: release v0.64.1 (#1217)
lukehinds Jun 20, 2026
fddd8e5
feat: add interactive network approval and domain rejection
lukehinds Apr 25, 2026
631255f
fix: persist approved hosts to correct profile file across restarts
klassm Jun 21, 2026
b283f5d
fix: reapply DenyLinkLocal short-circuit and is_denied() Timeout afte…
klassm Jul 3, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
59 changes: 59 additions & 0 deletions .github/ISSUE_TEMPLATE/REQUEST-AGENT-PACKAGE.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
name: New Agent Package Request
description: Request a nono package for an AI agent that isn't supported yet
labels: ["agent-package"]
body:
- type: markdown
attributes:
value: |
Thanks for helping us grow nono's agent coverage!
Use this template to request a nono package for an AI agent that isn't supported yet. The more detail you can give us about the agent — especially the hooks and customization points it exposes — the easier it is for us to build a solid, secure package.
**Please note:** opening this request is not a guarantee that we'll build the package. We prioritize based on demand, so the more popular and widely-used the agent, the more likely support will land. Either way, we'll do our best.

- type: input
id: agent-name
attributes:
label: Agent name
description: The name of the agent you'd like a nono package for.
placeholder: "e.g. Aider, Cline, OpenHands"
validations:
required: true

- type: input
id: docs-url
attributes:
label: Documentation URL
description: Link to the agent's official documentation.
placeholder: "https://docs.example.com"
validations:
required: true

- type: input
id: github-repo
attributes:
label: GitHub repository
description: Link to the agent's source repository.
placeholder: "https://github.com/org/agent"
validations:
required: true

- type: textarea
id: hooks-customization
attributes:
label: Hooks and customization
description: |
What hooks, plugins, lifecycle events, config files, or other customization points does the agent provide that a nono package could leverage? For example: pre/post-command hooks, tool-call interception, a settings/config file, SKILL files, environment variables, or an extension API. Link to the relevant docs or source where you can.
placeholder: "The agent supports a pre-tool-use hook defined in ~/.agent/config.yaml that runs a command before each shell action..."
validations:
required: true

- type: textarea
id: popularity
attributes:
label: Adoption and popularity
description: Help us gauge demand — GitHub stars, download counts, community size, or where the agent is being used. This directly informs prioritization.

- type: textarea
id: context
attributes:
label: Additional context
description: Anything else that would help us build the package — known security concerns, platform support (Linux/macOS), how you intend to use the agent under nono, or related requests.
4 changes: 2 additions & 2 deletions .github/ISSUE_TEMPLATE/onboarding_issue.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ body:
- Installation (Homebrew / cargo / binary download)
- First run (`nono run` returned an error immediately)
- Writing or loading a profile (JSON)
- Using a built-in profile (e.g. `--profile claude-code`)
- Using a built-in profile (e.g. `--profile always-further/claude`)
- nono ran but didn't seem to enforce anything
- Something else (describe below)
validations:
Expand All @@ -29,7 +29,7 @@ body:
attributes:
label: What happened?
description: What did you try, and what went wrong?
placeholder: "I followed the quickstart and ran `nono run --profile claude-code -- claude` but got..."
placeholder: "I followed the quickstart and ran `nono run --profile always-further/claude -- claude` but got..."
validations:
required: true

Expand Down
6 changes: 6 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -1,12 +1,18 @@
version: 2

# Delay version-update PRs so freshly published packages are not pulled into
# releases immediately. Security updates bypass cooldown automatically.
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
cooldown:
default-days: 3

- package-ecosystem: "cargo"
directory: "/"
schedule:
interval: "weekly"
cooldown:
default-days: 3
2 changes: 1 addition & 1 deletion .github/workflows/attest-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ jobs:
--dir artifacts

- name: Attest build provenance
uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2
uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
with:
subject-path: |
artifacts/*.tar.gz
Expand Down
177 changes: 177 additions & 0 deletions .github/workflows/aur-publish.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,177 @@
name: AUR Publish

on:
workflow_run:
workflows: ["Release"]
types:
- completed
workflow_dispatch:
inputs:
tag:
description: 'Release tag to publish to the AUR (e.g., v0.61.1)'
required: true
type: string

permissions:
contents: read

# Serialize publishes so two close releases cannot race the AUR repository.
concurrency:
group: aur-publish
cancel-in-progress: false

jobs:
resolve:
name: Resolve publish parameters
runs-on: ubuntu-latest
if: >-
github.repository == 'always-further/nono' &&
((github.event_name == 'workflow_dispatch') ||
(github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success'))
outputs:
tag: ${{ steps.params.outputs.tag }}
publish: ${{ steps.params.outputs.publish }}
steps:
- name: Compute parameters
id: params
env:
EVENT_NAME: ${{ github.event_name }}
WR_HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
WD_TAG: ${{ inputs.tag }}
run: |
set -euo pipefail
if [ "$EVENT_NAME" = "workflow_run" ]; then
TAG="$WR_HEAD_BRANCH"
else
TAG="$WD_TAG"
fi

# Only stable vX.Y.Z release tags are published to the AUR. This
# rejects prereleases (alpha/beta/rc) and workflow_run events for
# Release runs started from a branch, where head_branch is the
# branch name instead of a tag.
if [[ ! "$TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Not a stable release tag: '$TAG' — skipping AUR publish."
echo "tag=$TAG" >> "$GITHUB_OUTPUT"
echo "publish=false" >> "$GITHUB_OUTPUT"
exit 0
fi

echo "tag=$TAG" >> "$GITHUB_OUTPUT"
echo "publish=true" >> "$GITHUB_OUTPUT"

publish:
name: Publish to AUR
needs: resolve
if: ${{ needs.resolve.outputs.publish == 'true' }}
runs-on: ubuntu-latest
container:
image: archlinux:latest
steps:
# git must be installed before actions/checkout so it produces a real
# git checkout; base-devel provides makepkg and sudo, pacman-contrib
# provides updpkgsums.
- name: Install dependencies
run: pacman -Syu --noconfirm --needed base-devel git pacman-contrib openssh

# The PKGBUILD template and update.sh are always taken from the branch
# the workflow runs on (the default branch), not from the release tag:
# packaging fixes must flow into the next publish, and tags that predate
# this workflow have no packaging/aur directory at all.
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6

- name: Create build user
# makepkg and updpkgsums refuse to run as root. The workspace is
# handed to an unprivileged user; safe.directory keeps the
# actions/checkout post-job cleanup (running as root) working on it.
run: |
set -euo pipefail
useradd -m builder
git config --global --add safe.directory '*'
chown -R builder:builder .

- name: Verify AUR host keys and configure SSH
env:
AUR_SSH_PRIVATE_KEY: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
run: |
set -euo pipefail
# Official AUR SSH host key fingerprints, published on
# https://aur.archlinux.org/ ("The following SSH fingerprints are
# used for the AUR"). Every key returned by ssh-keyscan must match
# one of these pinned fingerprints or the job fails (no trust on
# first use). If Arch Linux rotates its keys, update these values
# from that page (see packaging/aur/README.md).
expected='SHA256:RFzBCUItH9LZS0cKB5UE6ceAYhBD5C8GeOBip8Z11+4 SHA256:uTa/0PndEgPZTf76e1DFqXKJEXKsn7m9ivhLQtzGOCI SHA256:5s5cIyReIfNNVGRFdDbe3hdYiI5OelHGpw2rOUud3Q8'

install -d -m 700 -o builder -g builder /home/builder/.ssh

ssh-keyscan -t ed25519,ecdsa,rsa aur.archlinux.org > /home/builder/.ssh/scanned
if [ ! -s /home/builder/.ssh/scanned ]; then
echo "::error::ssh-keyscan returned no host keys for aur.archlinux.org"
exit 1
fi

# ssh-keyscan (OpenSSH 10+) writes an informational "# host SSH-2.0-..."
# banner line to stdout for each scanned key. Feeding the whole file to
# ssh-keygen -lf (rather than each line to stdin) lets ssh-keygen skip
# those comments natively and emit one fingerprint per host key.
fingerprints="$(ssh-keygen -lf /home/builder/.ssh/scanned | awk '{print $2}')"
if [ -z "$fingerprints" ]; then
echo "::error::ssh-keygen produced no fingerprints for aur.archlinux.org"
exit 1
fi

while IFS= read -r fp; do
if [[ " $expected " != *" $fp "* ]]; then
echo "::error::Unexpected SSH host key fingerprint for aur.archlinux.org: $fp"
exit 1
fi
echo "Verified host key: $fp"
done <<< "$fingerprints"

mv /home/builder/.ssh/scanned /home/builder/.ssh/known_hosts

# Private key comes from the repository secret; it is written
# straight to disk and never echoed to the log.
printf '%s\n' "$AUR_SSH_PRIVATE_KEY" > /home/builder/.ssh/aur

cat > /home/builder/.ssh/config <<'EOF'
Host aur.archlinux.org
User aur
IdentityFile ~/.ssh/aur
IdentitiesOnly yes
StrictHostKeyChecking yes
EOF

chmod 600 /home/builder/.ssh/aur /home/builder/.ssh/config /home/builder/.ssh/known_hosts
chown -R builder:builder /home/builder/.ssh

- name: Clone AUR repository
run: sudo -u builder git clone ssh://aur@aur.archlinux.org/nono-ai-bin.git /home/builder/aur

- name: Generate PKGBUILD and .SRCINFO
env:
RELEASE_TAG: ${{ needs.resolve.outputs.tag }}
run: sudo -u builder ./packaging/aur/update.sh "$RELEASE_TAG"

- name: Push to AUR if changed
run: |
set -euo pipefail
install -m 644 -o builder -g builder \
packaging/aur/PKGBUILD packaging/aur/.SRCINFO /home/builder/aur/
# The version comes from the freshly generated PKGBUILD rather than
# from an environment variable: sudo's default policy resets the
# environment, and the PKGBUILD value is what actually gets published.
sudo -u builder bash -euo pipefail <<'EOS'
cd /home/builder/aur
ver="$(awk -F= '/^pkgver=/{print $2; exit}' PKGBUILD)"
if [ -z "$(git status --porcelain)" ]; then
echo "AUR is already up to date with v${ver}; nothing to push."
exit 0
fi
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add PKGBUILD .SRCINFO
git commit -m "Update to ${ver}"
git push origin master
EOS
27 changes: 14 additions & 13 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
run_code_jobs: ${{ steps.classify.outputs.run_code_jobs }}
run_docs_checks: ${{ steps.classify.outputs.run_docs_checks }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
fetch-depth: 0

Expand Down Expand Up @@ -96,7 +96,7 @@ jobs:
matrix:
os: [ubuntu-latest, macos-latest]
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3

- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable
Expand Down Expand Up @@ -141,7 +141,7 @@ jobs:
if: ${{ needs.changes.outputs.run_code_jobs == 'true' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3

- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable
Expand All @@ -158,7 +158,7 @@ jobs:
if: ${{ !startsWith(github.head_ref, 'dependabot/github_actions/') && needs.changes.outputs.run_code_jobs == 'true' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3

- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable
Expand Down Expand Up @@ -186,7 +186,7 @@ jobs:
matrix:
os: [ubuntu-latest, macos-latest]
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3

- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable
Expand All @@ -198,12 +198,16 @@ jobs:
run: cargo clippy --workspace --all-targets --all-features -- -D warnings -D clippy::unwrap_used

integration:
name: Integration Tests
name: Integration (${{ matrix.os }})
needs: changes
if: ${{ !startsWith(github.head_ref, 'dependabot/github_actions/') && needs.changes.outputs.run_code_jobs == 'true' }}
runs-on: macos-latest
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest-m, macos-latest]
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3

- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable
Expand All @@ -221,9 +225,6 @@ jobs:
restore-keys: |
${{ runner.os }}-cargo-

- name: Build release binary
run: cargo build --release

- name: Run integration tests
run: |
if [[ -f ./tests/run_integration_tests.sh ]]; then
Expand All @@ -238,7 +239,7 @@ jobs:
if: ${{ needs.changes.outputs.run_code_jobs == 'true' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3

- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable
Expand All @@ -257,7 +258,7 @@ jobs:
if: ${{ needs.changes.outputs.run_docs_checks == 'true' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3

- name: Verify docs routes are canonical
run: |
Expand Down
Loading