mirror of
https://github.com/anthropics/claude-plugins-official.git
synced 2026-05-10 22:12:40 +00:00
3bac79bb30
3 entries (azure, spotify-ads-api, vercel) hit the 300s default under sweep load. Vercel passed in 247s on a single-entry run, so timeout was the issue. Also picks up L15 (full verdict logging).
37 lines
1017 B
YAML
37 lines
1017 B
YAML
name: Scan Plugins
|
|
|
|
on:
|
|
pull_request:
|
|
paths:
|
|
- '.claude-plugin/marketplace.json'
|
|
- '.github/policy/**'
|
|
workflow_dispatch:
|
|
inputs:
|
|
scan_all:
|
|
description: Scan every external entry (full re-review). Slow.
|
|
type: boolean
|
|
default: false
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
scan:
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 360
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
# Blocking: policy failures fail the job. Loosen by removing
|
|
# fail-on-findings if the false-positive rate is too high.
|
|
- uses: anthropics/claude-plugins-community/.github/actions/scan-plugins@706952a0caebac4024b4be25137ff2faa64e153b
|
|
with:
|
|
anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
|
|
policy-prompt: .github/policy/prompt.md
|
|
fail-on-findings: "true"
|
|
scan-all-external: ${{ inputs.scan_all || 'false' }}
|
|
scan-timeout-secs: "900"
|
|
claude-cli-version: latest
|