Skip to content

revert(csp): restore nonce-based style-src (drop unsafe-inline) #29

revert(csp): restore nonce-based style-src (drop unsafe-inline)

revert(csp): restore nonce-based style-src (drop unsafe-inline) #29

Triggered via push June 23, 2026 15:15
Status Success
Total duration 6m 50s
Artifacts 2

ci.yml

on: push
Install Dependencies
23s
Install Dependencies
Lint
33s
Lint
Type Check
37s
Type Check
Unit Tests
1m 38s
Unit Tests
i18n Catalogs Fresh
27s
i18n Catalogs Fresh
Supply Chain (audit + SBOM)
32s
Supply Chain (audit + SBOM)
E2E (fast, fake provider)
1m 1s
E2E (fast, fake provider)
Final Status Check
4s
Final Status Check
Publish Container Image  /  build-and-push
2m 58s
Publish Container Image / build-and-push
PR Test Summary
PR Test Summary
Publish Kustomize Bundle  /  publish-kustomize-bundle
24s
Publish Kustomize Bundle / publish-kustomize-bundle
Fit to window
Zoom out
Zoom in

Annotations

3 warnings
Supply Chain (audit + SBOM)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Sensitive data should not be used in the ARG or ENV commands: Dockerfile#L29
SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "SENTRY_AUTH_TOKEN") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
Sensitive data should not be used in the ARG or ENV commands: Dockerfile#L26
SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ARG "SENTRY_AUTH_TOKEN") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/

Artifacts

Produced during runtime
Name Size Digest
datum-cloud~auth-ui~T94VJY.dockerbuild
67.7 KB
sha256:04c07d7dba9f9629b06251e4100b590d6f4e2c3e4cabb0418849f5546fb032e8
sbom-cyclonedx
79.2 KB
sha256:771ae552157315246d0c33f9591361c9f9affd99ca2230ee285005158fef1aaf