Skip to content

v1.0.0 — truecopy as a CI gate

Choose a tag to compare

@askalf askalf released this 12 Jul 15:21
c715b08

The first release under the truecopy name (renamed from canon-action; the old name still redirects). @v1 now installs truecopy v0.8.0 with the current action.

  • verify — fail the build if any pinned skill drifted, turned poisonous, or is signed by an untrusted key
  • scan — poison-scan a manifest, skill directory, or a cloned marketplace repo, no lock required
  • Fixed: pre-rename repos with a committed canon.lock now verify correctly through the action — the lock input no longer forces --lock truecopy.lock and defeats truecopy's own fallback
  • Zero third-party action dependencies · OpenSSF Scorecard + CodeQL · workflows pinned by SHA
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: askalf/truecopy-action@v1

Pin askalf/truecopy-action@v1 to track patches, or @<full-sha> for an airtight supply chain.

Full changelog: v0.1.0...v1.0.0