diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml
index 5f8a14e..e429d77 100644
--- a/.github/workflows/pypi.yml
+++ b/.github/workflows/pypi.yml
@@ -26,6 +26,8 @@ jobs:
 id-token: write
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ ref: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.head_sha || github.sha }}
 - name: Determine version/tag
 id: version
diff --git a/.github/workflows/release-docker.yml b/.github/workflows/release-docker.yml
index c7367a1..1657506 100644
--- a/.github/workflows/release-docker.yml
+++ b/.github/workflows/release-docker.yml
@@ -48,6 +48,8 @@ jobs:
 # otherwise just use the SHA tied to the release / manual dispatch.
 # -----------------------------------------------------------------------
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ ref: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.head_sha || github.sha }}
 # -----------------------------------------------------------------------
 # Decide which tag we’re going to publish
diff --git a/.github/workflows/release-provenance.yml b/.github/workflows/release-provenance.yml
index 2d7d162..c3adb37 100644
--- a/.github/workflows/release-provenance.yml
+++ b/.github/workflows/release-provenance.yml
@@ -10,7 +10,7 @@ jobs:
 # Compute SHA256 hashes of all release assets
 hash:
 name: Compute artifact hashes
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 permissions:
 contents: read
 outputs:
diff --git a/SECURITY.md b/SECURITY.md
index bf7f7c0..1a6eb8b 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,11 +2,6 @@ ## Reporting a Vulnerability -If you discover a security vulnerability in Kingfisher, please report it -responsibly. **Do not open a public GitHub issue.** - -## Reporting a Vulnerability - If you discover a security vulnerability in Kingfisher, please follow MongoDB's responsible disclosure process: - **Do not publicly disclose the vulnerability.**
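Review bot: Nothing in the pypi.yml hunk restricts which upstream run's commit is checked out: the added `ref:` resolves to `github.event.workflow_run.head_sha` in a job that holds `id-token: write`, so on a `workflow_run` trigger the publish job builds the commit the upstream run was started for rather than the commit the workflow file itself comes from. The `on:` block and the upstream workflow's triggers are outside the hunk; if that upstream workflow can run for pull requests or non-release branches, the job needs a guard such as `if: github.event_name != 'workflow_run' || (github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_repository.full_name == github.repository)`. If no later step needs to push with the checkout token, `persist-credentials: false` under the same `with:` keeps it out of the build steps' git config. The identical expression is added to the checkout in release-docker.yml, where the same applies; that job's permissions are not visible in its hunk.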