Skip to content

ci: harden CI per Astral's open-source security recommendations #5029

ci: harden CI per Astral's open-source security recommendations

ci: harden CI per Astral's open-source security recommendations #5029

Triggered via pull request June 29, 2026 13:37
Status Success
Total duration 1h 50m 44s
Artifacts 14

static.yaml

on: pull_request
Matrix: build-linux-gnu
Matrix: build-linux-musl
Matrix: build-mac
Fit to window
Zoom out
Zoom in

Annotations

7 warnings
Build macOS arm64 binaries
The following taps are not trusted: aws/tap Homebrew is currently ignoring formulae, casks and commands from these taps because tap trust is required. Untap them with: brew untap aws/tap Trust specific formulae, casks and commands with: brew trust --formula <user>/<tap>/<formula> brew trust --cask <user>/<tap>/<cask> brew trust --command <user>/<tap>/<command> Whole-tap trust is broader and includes all current and future formulae, casks and commands from the listed taps. Trust whole taps with: brew trust aws/tap To disable trust checks: export HOMEBREW_NO_REQUIRE_TAP_TRUST=1 This is not recommended and will be removed in a later release. For more information, see: https://docs.brew.sh/Tap-Trust
Build macOS arm64 binaries
The following taps are not trusted: aws/tap Homebrew is currently ignoring formulae, casks and commands from these taps because tap trust is required. Untap them with: brew untap aws/tap Trust specific formulae, casks and commands with: brew trust --formula <user>/<tap>/<formula> brew trust --cask <user>/<tap>/<cask> brew trust --command <user>/<tap>/<command> Whole-tap trust is broader and includes all current and future formulae, casks and commands from the listed taps. Trust whole taps with: brew trust aws/tap To disable trust checks: export HOMEBREW_NO_REQUIRE_TAP_TRUST=1 This is not recommended and will be removed in a later release. For more information, see: https://docs.brew.sh/Tap-Trust
Build macOS arm64 binaries
The following taps are not trusted: aws/tap Homebrew is currently ignoring formulae, casks and commands from these taps because tap trust is required. Untap them with: brew untap aws/tap Trust specific formulae, casks and commands with: brew trust --formula <user>/<tap>/<formula> brew trust --cask <user>/<tap>/<cask> brew trust --command <user>/<tap>/<command> Whole-tap trust is broader and includes all current and future formulae, casks and commands from the listed taps. Trust whole taps with: brew trust aws/tap To disable trust checks: export HOMEBREW_NO_REQUIRE_TAP_TRUST=1 This is not recommended and will be removed in a later release. For more information, see: https://docs.brew.sh/Tap-Trust
Build macOS arm64 binaries
The following taps are not trusted: aws/tap Homebrew is currently ignoring formulae, casks and commands from these taps because tap trust is required. Untap them with: brew untap aws/tap Trust specific formulae, casks and commands with: brew trust --formula <user>/<tap>/<formula> brew trust --cask <user>/<tap>/<cask> brew trust --command <user>/<tap>/<command> Whole-tap trust is broader and includes all current and future formulae, casks and commands from the listed taps. Trust whole taps with: brew trust aws/tap To disable trust checks: export HOMEBREW_NO_REQUIRE_TAP_TRUST=1 This is not recommended and will be removed in a later release. For more information, see: https://docs.brew.sh/Tap-Trust
Build macOS x86_64 binaries
The following taps are not trusted: aws/tap Homebrew is currently ignoring formulae, casks and commands from these taps because tap trust is required. Untap them with: brew untap aws/tap Trust specific formulae, casks and commands with: brew trust --formula <user>/<tap>/<formula> brew trust --cask <user>/<tap>/<cask> brew trust --command <user>/<tap>/<command> Whole-tap trust is broader and includes all current and future formulae, casks and commands from the listed taps. Trust whole taps with: brew trust aws/tap To disable trust checks: export HOMEBREW_NO_REQUIRE_TAP_TRUST=1 This is not recommended and will be removed in a later release. For more information, see: https://docs.brew.sh/Tap-Trust
Build macOS x86_64 binaries
The following taps are not trusted: aws/tap Homebrew is currently ignoring formulae, casks and commands from these taps because tap trust is required. Untap them with: brew untap aws/tap Trust specific formulae, casks and commands with: brew trust --formula <user>/<tap>/<formula> brew trust --cask <user>/<tap>/<cask> brew trust --command <user>/<tap>/<command> Whole-tap trust is broader and includes all current and future formulae, casks and commands from the listed taps. Trust whole taps with: brew trust aws/tap To disable trust checks: export HOMEBREW_NO_REQUIRE_TAP_TRUST=1 This is not recommended and will be removed in a later release. For more information, see: https://docs.brew.sh/Tap-Trust
Build macOS x86_64 binaries
The following taps are not trusted: aws/tap Homebrew is currently ignoring formulae, casks and commands from these taps because tap trust is required. Untap them with: brew untap aws/tap Trust specific formulae, casks and commands with: brew trust --formula <user>/<tap>/<formula> brew trust --cask <user>/<tap>/<cask> brew trust --command <user>/<tap>/<command> Whole-tap trust is broader and includes all current and future formulae, casks and commands from the listed taps. Trust whole taps with: brew trust aws/tap To disable trust checks: export HOMEBREW_NO_REQUIRE_TAP_TRUST=1 This is not recommended and will be removed in a later release. For more information, see: https://docs.brew.sh/Tap-Trust

Artifacts

Produced during runtime
Name Size Digest
frankenphp-linux-aarch64
156 MB
sha256:322cdf775b61e5c0d969ec8dad6c41ce4e037ae3591ef2f615891d84b7b89b54
frankenphp-linux-aarch64-gnu-files
55.8 MB
sha256:6e2bdd29b05d51f3338e4caf0027fe3dfb2d49d06f06e53f3a4577d81407d407
frankenphp-linux-x86_64
162 MB
sha256:b8aeb4a2b6477d5f6614633664bbaf0e058e0cd1b262fd06ad719bf389e8be87
frankenphp-linux-x86_64-debug
213 MB
sha256:745ae747864825110eb6d3b02169be49079741ce5bab64b453ee76ae1fb9886f
frankenphp-linux-x86_64-gnu-files
57.1 MB
sha256:f08ddb81ae0b4cfa5791505f93e548afa74728a3f17f4754483a7e2035a46fa5
frankenphp-linux-x86_64-mimalloc
162 MB
sha256:3c8819fa798b03b1c1d99fa3891a4f69d5cd4a7cd4dec5677f3b78ed53b8f787
frankenphp-mac-arm64
168 MB
sha256:c281ed2e1c1602522436e830fdd1df2fe05d113faf075aa2bcc7200d3da29c80
frankenphp-mac-x86_64
177 MB
sha256:74abba7d1b5f63acd62e0da1da471052e6f8e718288cf5981715375eb7074014
php~frankenphp~22XEHX.dockerbuild
341 KB
sha256:32d1f96eddf85ce28586864c2719250f77eb93661fa7819f82abc5bbbd16b432
php~frankenphp~EU19AZ.dockerbuild
295 KB
sha256:0f56d94aa7434fb1d6d93afc17434021379d83a075e191c5ad753360ba3aaa59
php~frankenphp~KAX2IY.dockerbuild
298 KB
sha256:11c8d4e3c6505d3ed49bb2546f36b20de984220152ee7612650c949205bc4237
php~frankenphp~M88J8P.dockerbuild
329 KB
sha256:4e9e7b75f09ae71a70a250c73b979167dd3f7394c746404d8360cb5f5e20286c
php~frankenphp~N6PF2H.dockerbuild
287 KB
sha256:ad300f084e85d7c5304b2c64bfb05ec9b66c2067e3238eed5ca974f4197083e5
php~frankenphp~R0XVA1.dockerbuild
289 KB
sha256:8f60cb19bb8e93bc4d93dd1d32a839bd2a170e4e19bca0e5ffe9d48d1ea7f6fb