chore(ci): Maximize CI/CD values (Dependabot & Permissions)#45
chore(ci): Maximize CI/CD values (Dependabot & Permissions)#45hyperpolymath merged 7 commits intomainfrom
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 70e19a4822
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| - name: Trigger BoJ Server (Casket/ssg-mcp) | ||
| run: | | ||
| # Send a secure trigger to boj-server to build this repository | ||
| curl -X POST "http://boj-server.local:7700/cartridges/ssg-mcp/invoke" -H "Content-Type: application/json" -d "{\"repo\": \"${{ github.repository }}\", \"branch\": \"${{ github.ref_name }}\", \"engine\": \"casket\\"}"} |
There was a problem hiding this comment.
curl -d payload in the BoJ trigger
The run script's -d argument currently ends with "casket\\"}"} which leaves the shell with an unmatched double quote and an extra }. I copied the resolved command into bash -n and it fails with unexpected EOF while looking for matching '"', so this step never reaches curl and the new workflow cannot trigger BoJ at all.
Useful? React with 👍 / 👎.
| - name: Trigger BoJ Server (Casket/ssg-mcp) | ||
| run: | | ||
| # Send a secure trigger to boj-server to build this repository | ||
| curl -X POST "http://boj-server.local:7700/cartridges/ssg-mcp/invoke" -H "Content-Type: application/json" -d "{\"repo\": \"${{ github.repository }}\", \"branch\": \"${{ github.ref_name }}\", \"engine\": \"casket\\"}"} |
There was a problem hiding this comment.
This job runs on a stock ubuntu-latest runner and only performs actions/checkout, so there is nothing here that makes boj-server.local:7700 reachable (no services: block, tunnel, or self-hosted runner label). Even after fixing the quoting bug above, GitHub-hosted executions will still fail to contact BoJ and, because the step is marked continue-on-error, the repository will silently skip the intended build trigger on every push.
Useful? React with 👍 / 👎.
1 participant
This automated PR updates your CI/CD configurations to maximize value and security.
github-actionsis monitored for updates.permissions: read-allto workflows missing explicit permissions.