3x-ui/.github
MHSanaei 659f0f404c
Some checks failed
CI / go-test (push) Waiting to run
CI / codegen (push) Waiting to run
CI / govulncheck (push) Waiting to run
CI / race (push) Waiting to run
CI / fuzz-smoke (push) Waiting to run
CI / golangci (push) Waiting to run
CI / frontend (push) Waiting to run
CodeQL Advanced / Analyze (go) (push) Waiting to run
CodeQL Advanced / Analyze (actions) (push) Waiting to run
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
Release 3X-UI / build (386) (push) Waiting to run
Release 3X-UI / build (amd64) (push) Waiting to run
Release 3X-UI / build (arm64) (push) Waiting to run
Release 3X-UI / build (armv5) (push) Waiting to run
Release 3X-UI / build (armv6) (push) Waiting to run
Release 3X-UI / build (armv7) (push) Waiting to run
Release 3X-UI / build (s390x) (push) Waiting to run
Release 3X-UI / Build for Windows (push) Waiting to run
Release 3X-UI / Publish rolling dev release (push) Blocked by required conditions
Deploy Smoke Tests / noninteractive-install (ubuntu-24.04-arm) (push) Has been cancelled
Deploy Smoke Tests / noninteractive-install (ubuntu-latest) (push) Has been cancelled
Deploy Smoke Tests / release-tag-install (ubuntu-24.04-arm) (push) Has been cancelled
Deploy Smoke Tests / release-tag-install (ubuntu-latest) (push) Has been cancelled
fix(ci): stop executing tag-checkout code in the release smoke test
CodeQL alert 99 (actions/cache-poisoning/poisonable-step): the workflow_run
job runs in the default branch's cache scope, so checking out
workflow_run.head_sha and executing a script from it is a cache-poisoning
surface. The if-guard (event == 'push') already kept fork PRs out, but the
checkout pin was never the load-bearing part of the release verification —
the version argument is, since install.sh downloads that exact release
binary. Run the smoke script from the default branch instead, which also
matches what real users execute.
2026-07-07 01:23:10 +02:00
..
ISSUE_TEMPLATE chore(github): overhaul issue and PR templates 2026-05-24 22:14:28 +02:00
workflows fix(ci): stop executing tag-checkout code in the release smoke test 2026-07-07 01:23:10 +02:00
dependabot.yml Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275) 2026-05-13 12:52:52 +02:00
FUNDING.yml chore(github): overhaul issue and PR templates 2026-05-24 22:14:28 +02:00
pull_request_template.md chore(github): overhaul issue and PR templates 2026-05-24 22:14:28 +02:00