Skip to content

Comments

fix docker-verify-refreshed-at-updated workflow#284

Merged
kernelsam merged 1 commit intomainfrom
fix-docker-verify-refreshed-at-updated
Feb 18, 2026
Merged

fix docker-verify-refreshed-at-updated workflow#284
kernelsam merged 1 commit intomainfrom
fix-docker-verify-refreshed-at-updated

Conversation

@kernelsam
Copy link
Contributor

Add pull-requests: read permission to docker-verify-refreshed-at-updated.yaml and remove incorrectly named verify-dockerfile-refreshed-at-updated.yaml.

Add pull-requests: read permission and remove incorrectly named
verify-dockerfile-refreshed-at-updated.yaml workflow file.
@kernelsam kernelsam requested a review from a team as a code owner February 18, 2026 22:35
@kernelsam kernelsam enabled auto-merge (squash) February 18, 2026 22:36
@github-actions
Copy link
Contributor

🤖 Claude Code Review

Code Review

This PR consolidates two duplicate workflow files into one and adds the pull-requests: read permission needed by the reusable workflow.


Code Quality

✅ Code style: YAML formatting is consistent and clean.

✅ No commented-out code: The removed comment lines (# Required status check: ...) were informational notes, not disabled code. Their removal is acceptable.

✅ DRY principle: Deleting verify-dockerfile-refreshed-at-updated.yaml eliminates a duplicate that called the same reusable workflow. Good consolidation.

⚠️ Potential behavioral change: The deleted verify-dockerfile-refreshed-at-updated.yaml triggered on pull_request: with no branch filter (i.e., all PRs, all branches). The remaining docker-verify-refreshed-at-updated.yaml triggers only on PRs targeting [main]. If PRs to non-main branches should also verify Dockerfile timestamps, that coverage is now gone. Confirm this is intentional.

✅ No defects: The permission addition is correct — pull-requests: read is required by the reusable workflow to read PR metadata.


Testing

N/A: CI/CD workflow changes do not require unit/integration tests.


Documentation

⚠️ Removed status check documentation (.github/workflows/docker-verify-refreshed-at-updated.yaml, lines that were removed): The deleted comments explained which check is required for GitHub branch protection rules:

# Required status check: Verify Dockerfiles REFRESHED_AT Updated / Dockerfile Check Status
# The other status checks beginning with "Verify Dockerfiles REFRESHED_AT Updated / ..." are not required.

This is operationally useful for maintainers configuring branch protection. If these status checks are still required, consider preserving this information in a CONTRIBUTING.md, DEVELOPMENT.md, or the repo wiki rather than discarding it entirely.

⚠️ CHANGELOG.md not updated: The [Unreleased] section is empty. This is a workflow fix — whether it warrants a changelog entry depends on project convention, but it's worth confirming.


Security

✅ No hardcoded credentials.

✅ Least-privilege permissions: The remaining workflow already has permissions: {} at the workflow level (line 11), and the job grants only contents: read and pull-requests: read. This is correct.

✅ No sensitive data in logs.

✅ No license files (.lic) present.


Summary

Area Status
Code Quality ✅ with one behavioral note
Testing N/A
Documentation ⚠️ status check comment removed; CHANGELOG empty
Security

Overall: The change is correct and clean. Two items to confirm before merging:

  1. Is it intentional that Dockerfile timestamp checks no longer run on PRs targeting non-main branches?
  2. Should the removed status-check documentation be preserved elsewhere?

Automated code review analyzing defects and coding standards

@github-actions
Copy link
Contributor

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@kernelsam kernelsam merged commit a69dbe5 into main Feb 18, 2026
42 checks passed
@kernelsam kernelsam deleted the fix-docker-verify-refreshed-at-updated branch February 18, 2026 22:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants