ci: add plugin sdk package contract codeql quality shard (#74342) · openclaw/openclaw@dda765c
hxy91819
·
2026-04-29
·
via Recent Commits to openclaw:main
| Original file line number | Diff line number | Diff line change |
|---|
@@ -307,7 +307,10 @@ understanding, image-generation, and media-generation runtime contracts under
|
307 | 307 | the separate `/codeql-critical-quality/web-media-runtime-boundary` category. The |
308 | 308 | plugin-boundary job scans loader, registry, public-surface, and Plugin SDK |
309 | 309 | entrypoint contracts under a separate `/codeql-critical-quality/plugin-boundary` |
310 | | -category. Keep the workflow separate from security so quality findings can be |
| 310 | +category. The plugin-sdk-package-contract job scans the published package-side |
| 311 | +Plugin SDK source and plugin package contract helpers under the separate |
| 312 | +`/codeql-critical-quality/plugin-sdk-package-contract` category. Keep the |
| 313 | +workflow separate from security so quality findings can be |
311 | 314 | scheduled, measured, disabled, or expanded without obscuring security signal. |
312 | 315 | Swift, Python, and bundled-plugin CodeQL expansion should be added back as |
313 | 316 | scoped or sharded follow-up work only after the narrow profiles have stable |
|
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。