Commit ad37a31
committed
ci: migrate to hardened runners, disable publish during freeze
Switch all 7 workflow jobs from `ubuntu-latest` to the
`databricks-protected-runner-group` hardened runner group per
go/hardened-gha step 3.
Disable the release publish job during the release freeze per
go/hardened-gha step 7. The build job remains active for validation.
A clear comment marks when and how to re-enable.
Fix `.npmrc` from `package-lock=false` to `package-lock=true` so local
dev keeps the lockfile in sync with `npm ci` in CI.
Co-authored-by: Isaac1 parent 0214d10 commit ad37a31
3 files changed
+16
-6
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
8 | 8 | | |
9 | 9 | | |
10 | 10 | | |
11 | | - | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
12 | 14 | | |
13 | 15 | | |
14 | 16 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
13 | 13 | | |
14 | 14 | | |
15 | 15 | | |
16 | | - | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
17 | 19 | | |
18 | 20 | | |
19 | 21 | | |
| |||
34 | 36 | | |
35 | 37 | | |
36 | 38 | | |
37 | | - | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
38 | 42 | | |
39 | 43 | | |
40 | 44 | | |
| |||
75 | 79 | | |
76 | 80 | | |
77 | 81 | | |
78 | | - | |
| 82 | + | |
| 83 | + | |
| 84 | + | |
79 | 85 | | |
80 | 86 | | |
81 | 87 | | |
| |||
113 | 119 | | |
114 | 120 | | |
115 | 121 | | |
116 | | - | |
| 122 | + | |
| 123 | + | |
| 124 | + | |
117 | 125 | | |
118 | 126 | | |
119 | 127 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | | - | |
| 1 | + | |
0 commit comments