CLOUDPLAT-3162: add npm-release environment gate (dynamodb-replicator) by haseebehsan · Pull Request #119 · mapbox/dynamodb-replicator

haseebehsan · 2026-06-23T14:51:30Z

Adding environment: npm-release to the npm release workflow.

ox-security · 2026-06-23T14:52:16Z

Successfully scanned changes introduced in a pull request into master from cloudplat-3162/npm-release-env.

Internal scan identifier: ca7b3f82-408d-4d43-9607-357886c91aed.

Total issues	Blocking issues	Scan status
1	0	✔️

Category	Issues
CI/CD Posture	1

See all issues found during this scan in the OX Security Application.

Detailed information

Issue #	1
Name	Unpinned Reusable Workflow • GitHub Actions
Status	Old
Enforcement	Monitor
Severity	High
Category	CI/CD Posture
Source tools	OX CI/CD Posture
Recommendation	Pin reusable workflows to a full-length commit SHA (40 characters) instead of a tag or branch. Example: uses: org/repo/.github/workflows/build.yml@a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0

1 aggregation

File	Match
.github/workflows/npm-release.yml	`uses: mapbox/gha-public/.github/workflows/workflow-npm-oidc-publish.yml@main`

CLOUDPLAT-3162: add environment gate to npm-release workflow

7cb9505

https://mapbox.atlassian.net/browse/CLOUDPLAT-3162

haseebehsan added the ai AI coding agents co-authored the code label Jun 23, 2026

haseebehsan requested a review from a team as a code owner June 23, 2026 14:51

haseebehsan added the ai AI coding agents co-authored the code label Jun 23, 2026

ryndaniels approved these changes Jun 23, 2026

View reviewed changes

Provide feedback