Comparing changes

base repository: temporalio/temporal
base: main
head repository: nonfx/temporal
compare: main
  • 1 commit
  • 1 file changed
  • 2 contributors

Commits on Apr 6, 2026

  1. ci: add secure build-and-push workflow for custom Temporal images

    - SHA-pin all GitHub Actions (supply chain hardening)
    - Scan images with Trivy before push; block on CRITICAL/HIGH findings
    - Configure OIDC via AWS_OIDC_ROLE_ARN secret (no hardcoded account IDs)
    - Use self-hosted amd64 runner group
    - Derive ECR registry dynamically from ecr-login outputs
    - Validate PostgreSQL schema copy before Docker build
    - Add role-session-name for CloudTrail attribution
    - Summary step runs on always() for visibility on failure
    
    Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
    ssghait007 and claude committed Apr 6, 2026
    7087e28