Skip to content

chore: workflow cleanup#225

Merged
e271828- merged 2 commits intomainfrom
tighten
Dec 1, 2025
Merged

chore: workflow cleanup#225
e271828- merged 2 commits intomainfrom
tighten

Conversation

@e271828-
Copy link
Copy Markdown
Contributor

@e271828- e271828- commented Dec 1, 2025
edited
Loading

  • In .github/workflows/ci.yml set the default token to read-only (contents, actions) and added job-level issues: write only for the comment-posting jobs, keeping everything else read-only.
  • Added persist-credentials: false to all checkout steps to avoid leaving the token in Git config for any subsequent untrusted shell commands.
  • Made Gradle caching read-only for pull_request runs to prevent cache poisoning; note that with actions: read tokens, caches will no longer be saved (only restored).
  • Scoped PR-only behavior more tightly: size-report now runs only on pull_request events, and benchmark/diff comment steps only run for PRs.

@e271828-
chore: workflow cleanup
b6d2f12 
  - In .github/workflows/ci.yml set the default token to read-only (contents,
    actions) and added job-level issues: write only for the comment-posting
    jobs, keeping everything else read-only.
  - Added persist-credentials: false to all checkout steps to avoid leaving the
    token in Git config for any subsequent untrusted shell commands.
  - Made Gradle caching read-only for pull_request runs to prevent cache
    poisoning; note that with actions: read tokens, caches will no longer be
    saved (only restored) unless you opt back into broader permissions.
  - Scoped PR-only behavior more tightly: size-report now runs only on
    pull_request events, and benchmark/diff comment steps only run for PRs.
@e271828- e271828- requested a review from CAMOBAP December 1, 2025 15:10
@CAMOBAP CAMOBAP self-requested a review December 1, 2025 15:44
@e271828- e271828- marked this pull request as draft December 1, 2025 16:07
@github-actions
Copy link
Copy Markdown

github-actions bot commented Dec 1, 2025

Diffuse report:

OLD: sdk-main.aar
NEW: sdk-pr.aar

 AAR      │ old      │ new      │ diff 
──────────┼──────────┼──────────┼──────
      jar │ 59.4 KiB │ 59.4 KiB │  0 B 
 manifest │    411 B │    411 B │  0 B 
      res │ 78.2 KiB │ 78.2 KiB │  0 B 
    other │    1 KiB │    1 KiB │  0 B 
──────────┼──────────┼──────────┼──────
    total │  139 KiB │  139 KiB │  0 B 

 JAR     │ old │ new │ diff      
─────────┼─────┼─────┼───────────
 classes │  38 │  38 │ 0 (+0 -0) 
 methods │ 569 │ 569 │ 0 (+0 -0) 
  fields │ 174 │ 174 │ 0 (+0 -0)

@github-actions
Copy link
Copy Markdown

github-actions bot commented Dec 1, 2025

Benchmark report:

Test name Time ms. (median) Allocations (median)
com.hcaptcha.sdk.HCaptchaBenchmarkTest.EMULATOR_UNLOCKED_benchmarkInvisibleVerification +638.00 +770
com.hcaptcha.sdk.HCaptchaBenchmarkTest.EMULATOR_UNLOCKED_benchmarkInvisibleVerificationColdRun +751.08 +1010
com.hcaptcha.sdk.HCaptchaBenchmarkTest.EMULATOR_UNLOCKED_benchmarkInvisibleSetup +5.33 +230
com.hcaptcha.sdk.HCaptchaDebugInfoTest.EMULATOR_UNLOCKED_benchmarkDebugInfo +21.42 -5595
com.hcaptcha.sdk.HCaptchaDebugInfoTest.EMULATOR_UNLOCKED_benchmarkDebugSys +59.42 -19

@e271828- e271828- marked this pull request as ready for review December 1, 2025 18:13
@e271828- e271828- merged commit 12e478e into main Dec 1, 2025
11 checks passed
@e271828- e271828- deleted the tighten branch December 1, 2025 18:14
@amintaokhalid282-a11y
Copy link
Copy Markdown

amintaokhalid282-a11y commented Dec 1, 2025 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@CAMOBAP CAMOBAP Awaiting requested review from CAMOBAP

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@e271828- @amintaokhalid282-a11y @CAMOBAP @alexbabrykovich