temporal icon indicating copy to clipboard operation
temporal copied to clipboard
verified publisher icon temporalio

Revert "fix: make release dep check job always run on PRs"

Open stpierre opened this issue 2 months ago • 1 comments

Reverts temporalio/temporal#8750

This turned out to be unnecessary; we already have a separate ruleset for release branches, so we can just make this status required in that ruleset. Usually Github makes it as hard as possible to require different statuses for different PRs, but the exception turns out to be when those PRs can be clearly separated by target branch name.

stpierre avatar Dec 09 '25 18:12 stpierre

Semgrep found 1 missing-explicit-permissions finding:

  • .github/workflows/check-release-dependencies.yml

No explicit GITHUB_TOKEN permissions found at the workflow or job level. Add a permissions: block at the workflow root (applies to all jobs) or per job with least privilege (e.g., contents: read and only specific writes like pull-requests: write if needed).

semgrep-managed-scans[bot] avatar Dec 09 '25 18:12 semgrep-managed-scans[bot]