From 642e73490f0a92224a1a4939f4fe0e76d0df4d7e Mon Sep 17 00:00:00 2001 From: Nathan Gillett Date: Fri, 22 May 2026 19:10:41 -0500 Subject: [PATCH 1/2] Add security-advisory-publish workflow caller Wire workflow_dispatch OSV mirror verification to the shared intentproof-infra reusable workflow. Signed-off-by: Nathan Gillett --- .../workflows/security-advisory-publish.yml | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .github/workflows/security-advisory-publish.yml diff --git a/.github/workflows/security-advisory-publish.yml b/.github/workflows/security-advisory-publish.yml new file mode 100644 index 0000000..1aec037 --- /dev/null +++ b/.github/workflows/security-advisory-publish.yml @@ -0,0 +1,25 @@ +name: security-advisory-publish + +on: + workflow_dispatch: + inputs: + ghsa_id: + description: Published GHSA id (GHSA-xxxx-xxxx-xxxx) + required: true + type: string + cve_id: + description: Optional CVE id assigned via GitHub-as-CNA + required: false + type: string + +permissions: + contents: read + security-events: read + +jobs: + verify-osv-mirror: + uses: IntentProof/intentproof-infra/.github/workflows/security-advisory-publish.yml@bba7e1e + with: + ghsa_id: ${{ inputs.ghsa_id }} + cve_id: ${{ inputs.cve_id }} + secrets: inherit From 4acdb51686ba0725723fd3f63f7bb1e3e4c6dcdd Mon Sep 17 00:00:00 2001 From: Nathan Gillett Date: Fri, 22 May 2026 19:30:02 -0500 Subject: [PATCH 2/2] Pin advisory workflow to full infra merge SHA Use 40-character ref for intentproof-infra reusable workflow after merge of PR #20. Signed-off-by: Nathan Gillett --- .github/workflows/security-advisory-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/security-advisory-publish.yml b/.github/workflows/security-advisory-publish.yml index 1aec037..7741cc5 100644 --- a/.github/workflows/security-advisory-publish.yml +++ b/.github/workflows/security-advisory-publish.yml @@ -18,7 +18,7 @@ permissions: jobs: verify-osv-mirror: - uses: IntentProof/intentproof-infra/.github/workflows/security-advisory-publish.yml@bba7e1e + uses: IntentProof/intentproof-infra/.github/workflows/security-advisory-publish.yml@064f4a1fb91998960343fb14cb912cbbd6c4cd82 with: ghsa_id: ${{ inputs.ghsa_id }} cve_id: ${{ inputs.cve_id }}