Skip to content

Update policy-enforcement.yml#18

Open
mr-adonis-jimenez wants to merge 1 commit into
mainfrom
mr-adonis-jimenez-patch-10
Open

Update policy-enforcement.yml#18
mr-adonis-jimenez wants to merge 1 commit into
mainfrom
mr-adonis-jimenez-patch-10

Conversation

@mr-adonis-jimenez

@mr-adonis-jimenez mr-adonis-jimenez commented Jan 23, 2026

Copy link
Copy Markdown
Owner

Harden CI policy enforcement and validation gates

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 84a66ad950

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +51 to +55
if [ "${{ github.event_name }}" = "pull_request" ]; then
git fetch origin ${{ github.base_ref }}
RANGE="origin/${{ github.base_ref }}...HEAD"
else
RANGE="HEAD~1..HEAD"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Check every commit in a push, not only the last one

For push events, the verification range is set to HEAD~1..HEAD, which only inspects the most recent commit. If a push to main contains multiple commits and any earlier commit is unsigned or unverified, this job will still pass because those commits aren’t in the range. This weakens the policy enforcement for multi-commit pushes; consider using the push range (${{ github.event.before }}..${{ github.sha }}) or a similar range that includes all commits in the push.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant