invisible_playwright/.github/workflows
feder-cr 62cdf626a0 ci: pin actions to SHA + single-source the playwright pin (audit B6/B4)
B6: pin every third-party action in the build/publish path to an immutable
commit SHA (a retagged actions/checkout or action-gh-release would otherwise
inject code into the binary users download). The other workflows (tests, webrtc,
launch-matrix) handle no secrets, so they're left on tags.

B4: the playwright pin lived in two workflow files with no shared source. Move
it to scripts/playwright_pin.txt that both read, so they can't drift. The drive
gate already ENFORCES playwright<->juggler compatibility (an incompatible pin
fails the launch/drive and nothing publishes); the file is the single bump point
when the juggler is re-synced.
2026-06-09 15:59:18 +02:00
firefox-launch-matrix.yml ci: fix firefox --version check (stdout match, not exit code) 2026-05-25 07:25:23 -07:00
release.yml ci: pin actions to SHA + single-source the playwright pin (audit B6/B4) 2026-06-09 15:59:18 +02:00
tests.yml tests: add/update .github/workflows/tests.yml 2026-05-15 20:01:59 -07:00
verify-assets.yml ci: pin actions to SHA + single-source the playwright pin (audit B6/B4) 2026-06-09 15:59:18 +02:00
webrtc-e2e.yml test(webrtc): realness sentinels + e2e behind a fake TCP-only SOCKS proxy 2026-06-06 18:39:03 +02:00