PR-D: Temporarily disable ci-gpu gpu_public lane with fail-fast guard by lmeyerov · Pull Request #1141 · graphistry/pygraphistry

lmeyerov · 2026-04-18T05:37:58Z

Summary:
Temporarily lock down the GPU CI workflow while gpu_public is unavailable and PR-D hardening is pending.

Changes:

Add gpu-disabled-guard job that fails fast when GPU-triggered paths are invoked (workflow_dispatch, repository_dispatch, labeled PRs with gpu-ci)
Temporarily disable gpu-permission, cancel_outstanding, and test-full-ai jobs via if: ${{ false }}
Add explicit inline comments in ci-gpu.yml referencing issue Umbrella: Harden untrusted PR CI + Codex agent security model #1130 for re-enable criteria
Add changelog entry documenting temporary GPU lockdown

Why:

Prevent untrusted or accidental execution on unavailable or non-hardened gpu_public runners
Keep trigger path visible with actionable failure instead of silent skip

Re-enable criteria:
Re-enable only after issue #1130 acceptance criteria are met (self-hosted/GPU isolation plus promotion gate).

Closes part of #1130.

ci(gpu): disable gpu_public lane with fail-fast guard pending #1130

f762be9

lmeyerov mentioned this pull request Apr 18, 2026

Umbrella: Harden untrusted PR CI + Codex agent security model #1130

Closed

9 tasks

lmeyerov merged commit 2cad70d into master Apr 18, 2026
48 of 49 checks passed

lmeyerov deleted the chore/1130-disable-gpu-public branch April 18, 2026 05:40

lmeyerov mentioned this pull request Apr 27, 2026

PR-C: re-enable promoted GPU lane (deferred — no GPU strategy) #1225

Open

Provide feedback