AUR publishing workflow #6132

Merged
Frooodle merged 4 commits into main from aur-publish-workflow
Apr 17, 2026

@Frooodle
Member

Description of Changes


Checklist

General

Documentation

Translations (if applicable)

UI Changes (if applicable)

  • Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR)

Testing (if applicable)

  • I have run task check to verify linters, typechecks, and tests pass
  • I have tested my changes locally. Refer to the Testing Guide for more details.

@dosubot dosubot bot added the size:L label (This PR changes 100-499 lines ignoring generated files.) Apr 17, 2026
@stirlingbot stirlingbot bot added the Github label Apr 17, 2026
Frooodle and others added 2 commits April 17, 2026 23:12
Co-authored-by: aikido-pr-checks[bot] <169896070+aikido-pr-checks[bot]@users.noreply.github.com>
Co-authored-by: aikido-pr-checks[bot] <169896070+aikido-pr-checks[bot]@users.noreply.github.com>
@Frooodle Frooodle merged commit ab19cf1 into main Apr 17, 2026
13 of 14 checks passed
@Frooodle Frooodle deleted the aur-publish-workflow branch April 17, 2026 22:12
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
Contributor

@aikido-pr-checks aikido-pr-checks bot Apr 17, 2026

3rd party Github Actions should be pinned - high severity
A third-party GitHub Action was imported, and is not pinned via a hash. This leaves your CI/CD at risk for potential supply chain attacks, if the affected GitHub Action is compromised.

Suggested change
uses: step-security/harden-runner@v2
uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0

Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info


- name: Publish stirling-pdf-server-bin to AUR
if: ${{ github.event_name == 'release' || inputs.dry_run == false }}
uses: KSXGitHub/github-actions-deploy-aur@v4.1.1
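Review bot: The `if:` on the publish step relies on `inputs.dry_run == false` to allow non-release runs, but GitHub Actions expressions compare loosely, so an unset `inputs.dry_run` (null) also equals `false`. The workflow's triggers are not visible in this hunk; if anything other than `release` and `workflow_dispatch` can start it, this step would publish to the AUR. Gating on the event explicitly, for example `github.event_name == 'workflow_dispatch' && !inputs.dry_run` for the manual path, makes the intent unambiguous.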
Contributor

3rd party Github Actions should be pinned - high severity
A third-party GitHub Action was imported, and is not pinned via a hash. This leaves your CI/CD at risk for potential supply chain attacks, if the affected GitHub Action is compromised.

Remediation: When using 3rd party Actions in your GitHub Workflow, it is a best practice to pin the version by including the commit hash. You can retrieve the commit hash from the releases tab of the affected GitHub's Action repository. For example:

The commit hash for https://github.com/actions/setup-node/releases/v4.1.0 is 39370e3970a6d050c480ffad4ff0ed4d3fdee5af. When pinning, the Action's definition would be: - uses: actions/setup-node@39370e3.

Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info
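
An added example, not part of the PR or of either bot comment: a small Python check that lists the `uses:` references in a workflow that are not pinned to a full-length commit SHA. The sample workflow is constructed from the references quoted in this thread plus a hypothetical local action path; counting only 40-character SHAs (or `sha256` digests for `docker://` images) as pinned follows GitHub's hardening guidance and is this check's assumption.

```python
import re

# `uses:` key of a step or reusable-workflow job; commented-out lines do not match.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*["']?([^\s"'#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
SHORT_SHA_RE = re.compile(r"[0-9a-f]{7,39}")
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")

# Constructed sample: refs quoted in this thread plus a hypothetical local action.
SAMPLE = """\
steps:
  - name: Harden Runner
    uses: step-security/harden-runner@v2
  - uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0
  - name: Publish stirling-pdf-server-bin to AUR
    uses: KSXGitHub/github-actions-deploy-aur@v4.1.1
  - uses: actions/setup-node@39370e3
  - uses: ./.github/actions/local-step
"""


def classify(ref):
    """Return 'pinned', 'local', or the reason the reference is flagged."""
    if ref.startswith("./"):
        return "local"  # lives in this repo, versioned with the workflow
    if ref.startswith("docker://"):
        digest = ref.partition("@")[2]
        return "pinned" if DIGEST_RE.fullmatch(digest) else "image without sha256 digest"
    _, sep, version = ref.rpartition("@")
    if not sep:
        return "no ref given"
    if FULL_SHA_RE.fullmatch(version):
        return "pinned"
    if SHORT_SHA_RE.fullmatch(version):
        return "abbreviated SHA, not full length"
    return "mutable tag or branch"


def audit(workflow_text):
    """Return (line_number, ref, reason) for each `uses:` that is not pinned or local."""
    findings = []
    for number, line in enumerate(workflow_text.splitlines(), 1):
        match = USES_RE.match(line)
        if match and (reason := classify(match.group(1))) not in ("pinned", "local"):
            findings.append((number, match.group(1), reason))
    return findings


if __name__ == "__main__":
    for number, ref, reason in audit(SAMPLE):
        print(f"line {number}: {ref} -> {reason}")
```

Run against the files under `.github/workflows/` in CI, a non-empty result can fail the job before a mutable reference reaches `main`.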

@stirlingbot
Contributor

stirlingbot bot commented Apr 17, 2026

🚀 Auto-deploying V2 version for PR #6132...

This is an automated deployment for approved V2 contributors.

⚠️ Note: If new commits are pushed during deployment, this build will be cancelled and replaced with the latest version.
