🛡️ chore: Harden CI Supply Chain Workflows (#13090)

* chore: harden CI supply chain workflows

* chore: address CI hardening review feedback

* chore: tighten GitNexus dispatch hardening

* chore: use app token for Locize PR automation

* chore: use dedicated token for Locize PR automation
Danny Avila 2026-05-18 16:55:25 -04:00 committed by GitHub
parent 68eac104ad
commit 21574f02ca
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
22 changed files with 347 additions and 108 deletions


@ -7,6 +7,9 @@ on:
- completed
workflow_dispatch:
permissions:
contents: read
jobs:
deploy:
runs-on: ubuntu-latest
@ -29,7 +32,7 @@ jobs:
DO_HOST: ${{ secrets.DO_HOST }}
DO_USER: ${{ secrets.DO_USER }}
run: |
ssh -o StrictHostKeyChecking=no ${DO_USER}@${DO_HOST} << EOF
ssh ${DO_USER}@${DO_HOST} << EOF
sudo -i -u danny bash << 'EEOF'
cd ~/LibreChat && \
git fetch origin main && \