mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-05-29 06:31:32 +00:00
2f320cb35a
The workflow diffs base.sha..head.sha (two-dot), which compares the tip-of-main tree directly against the PR tip. When files land on main after a PR branched off, they appear in the diff even though the PR never touched them — triggering false-positive findings. Example: PR #30609 was flagged for hermes_cli/setup.py, a file added to main by an unrelated commit after the PR branched. Switch to three-dot diff (base.sha...head.sha), which diffs from the merge base to the PR tip — only changes introduced by this PR are included. Applied to all four diff commands in both jobs (scan and dep-bounds). |
||
|---|---|---|
| .. | ||
| contributor-check.yml | ||
| deploy-site.yml | ||
| docker-publish.yml | ||
| docs-site-checks.yml | ||
| history-check.yml | ||
| lint.yml | ||
| nix-lockfile-fix.yml | ||
| nix.yml | ||
| osv-scanner.yml | ||
| skills-index.yml | ||
| supply-chain-audit.yml | ||
| tests.yml | ||
| upload_to_pypi.yml | ||
| uv-lockfile-check.yml | ||