-
Notifications
You must be signed in to change notification settings - Fork 3
Merge next to main #35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Changes from all commits
Commits
Show all changes
25 commits
Select commit
Hold shift + click to select a range
0b296dc
Merge pull request #31 from fedify-dev/main
sij411 64365af
Add License descriptions
sij411 bd3c889
Add feder-runtime-linux crate
sij411 04af867
Rename crate to feder-runtime-server since it will support Linux, Win…
sij411 87e64ac
Add server entry point that consumes config from env
sij411 e91d12e
Add RuntimeConfig and tracing
sij411 954d837
Add AppState and attach it to the server
sij411 2d3c74d
Document runtime server startup Assisted-by: Codex:gpt-5.5
sij411 0520f97
Add cross-platform Cargo test CI
sij411 833c4d1
Document Windows runtime server startup
sij411 d3f6799
Merge pull request #28 from sij411/phase2-linux-runtime
sij411 170b961
Update license description to allow only 3.0
sij411 a4ffb6a
Merge pull request #32 from sij411/chore/license
sij411 b8fe0ab
Add typed server runtime errors
sij411 aceee50
Add webfinger query handling with default config
sij411 c09097d
Add response header and return response
sij411 82da624
Add mise run test command
sij411 0121411
Test WebFinger discovery responses
sij411 6278df4
Implement actor endpoint
sij411 11e7af0
Test local ActivityPub actor endpoint
sij411 7d67af1
Implement note endpoint
sij411 6cc594f
Test public Note endpoint
sij411 07be8f9
Fix hardcoded URL to suffix
sij411 0cc162c
Enable tower's util
sij411 ccc1623
Merge pull request #33 from sij411/feat/ap-discovery
sij411 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win
Add
persist-credentials: falseto the new checkout step.Static analysis flags the new
cross-platformjob's checkout for credential persistence (artipacked). Since this job only runs tests and doesn't push/write to the repo, disable credential persistence.🔒️ Proposed fix
steps: - uses: actions/checkout@v6 + with: + persist-credentials: false - uses: dtolnay/rust-toolchain@stable - run: cargo test --workspace📝 Committable suggestion
🧰 Tools
🪛 zizmor (1.26.1)
[warning] 35-35: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
(artipacked)
[warning] 24-38: overly broad permissions (excessive-permissions): default permissions used due to no permissions: block
(excessive-permissions)
🤖 Prompt for AI Agents
Source: Linters/SAST tools