Fix CheckYourself org defaults findings #51
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 0e565b0b19
| jobs: | ||
| python-tests: | ||
| name: Python tests | ||
| runs-on: ubuntu-latest |
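Review bot: `runs-on: ubuntu-latest` on the last line of this hunk is a floating label, so the runner image under the Python tests job can change without any commit to this repository. Use a fixed, versioned runner label here so the test environment only changes through a reviewed edit to the workflow.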
Use the required Blacksmith runner for CI
This newly added CI job runs on ubuntu-latest, but the repository instructions in /workspace/.github/AGENTS.md require CI checks to run on blacksmith-2vcpu-ubuntu-2404. Because this workflow is intended to provide the repo's Python test coverage, it will either fail org policy expectations or leave the new required check running on the wrong runner class; please switch this job to the Blacksmith runner.
## Summary
- pin GitHub Actions to full commit SHAs and disable checkout credential persistence
- add this repo's Dependabot config for workflow updates
- add Python unit tests plus CI coverage for the org agent scripts
- ignore private key files and Python cache artifacts
- keep generated Agent Law workflow output pinned too

## Verification
- python3 -m unittest discover -s tests
- python3 -m py_compile scripts/check-agent-parity.py scripts/provision-agent-law.py tests/test_agent_defaults.py
- workflow YAML parse check
- CheckYourself deep scan: 0 open findings
- git diff --check