Files
ccs/.github/workflows/sync-ccs-backlog-project.yml
Kai (Tam Nhu) TranandGitHub 2273757c83 fix(ci): harden self-hosted workflow trust boundaries
Keep active CCS workflows on self-hosted runners, gate self-hosted PR execution to trusted authors, and scope privileged release credentials to the exact git operations that need them.
2026-05-12 12:34:15 -04:00

41 lines
798 B
YAML

name: Sync CCS Backlog Project
on:
issues:
types:
- opened
- reopened
- closed
- labeled
- unlabeled
workflow_dispatch:
schedule:
- cron: '17 3 * * *'
concurrency:
group: sync-ccs-backlog-project
cancel-in-progress: false
permissions:
contents: read
issues: read
jobs:
sync-project:
runs-on: [self-hosted, linux, x64]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: '22'
- name: Sync CCS Backlog project
env:
GH_TOKEN: ${{ secrets.CCS_PROJECT_AUTOMATION_TOKEN }}
CCS_PROJECT_OWNER: kaitranntt
CCS_PROJECT_NUMBER: '3'
run: node scripts/github/ccs-backlog-sync.mjs