fix(a11y): honour reduced-motion on the thinking timer + name the send button #2170
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Container security: Dockerfile lint | |
| # | |
| # Purpose: the Docker image is how most people run Odysseus, so it is part of | |
| # the attack surface. hadolint lints the Dockerfile for mistakes and insecure | |
| # patterns (running as root longer than needed, unpinned base image, bad apt | |
| # usage). Blocking. | |
| # | |
| # The image vulnerability scan (Trivy, advisory) lives in its own file, | |
| # container-trivy.yml. Keeping it separate lets that advisory scan be | |
| # path-filtered and held to a read-only token on pull requests without | |
| # weakening this blocking gate, which must always report so a required check | |
| # never hangs. | |
| # | |
| # Note: a separate open PR (#120) proposes a local `scripts/scan_image.py`. | |
| # This job is complementary -- it is a CI gate, not a script a contributor has | |
| # to remember to run. | |
| name: Container scan | |
| on: | |
| pull_request: | |
| push: | |
| branches: [main] | |
| workflow_dispatch: | |
| permissions: {} | |
| concurrency: | |
| group: container-scan-${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| hadolint: | |
| name: hadolint (Dockerfile lint) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Lint Dockerfile | |
| uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0 | |
| with: | |
| dockerfile: Dockerfile | |
| # DL3008: pinning apt package versions is impractical on a -slim base | |
| # image. Debian purges old package versions from its repos, so a | |
| # pinned version breaks future rebuilds. The base image itself is | |
| # what should be pinned (tracked by Dependabot's docker ecosystem). | |
| ignore: DL3008 |