Expand description
gha-container-proof — GitHub Actions job-container and Docker-action
compatibility oracle for offline CI.
See docs/spec.md
for the protocol surface and docs/RULES.md
for the stable check IDs that this crate emits.
Structs§
- Action
Manifest - Action
Plan Input - Concrete plan-action inputs.
- Check
- Check
Workflow Options - Classified
Option - Container
Proof Receipt - The top-level receipt. The same shape is emitted by all four commands.
- JobPlan
Input - Concrete plan-job inputs.
- Options
Plan - Result of parsing one options string.
- Probe
Input - Probe
Report - Probe-specific evidence attached to a
docker-probesubject. - Probe
Step - One step of probe evidence: the docker command that was invoked, its exit code, and excerpts of stdout/stderr.
- Receipt
Summary - Scan
Result - Subject
- One container subject in a receipt: a job container, a Docker action, or a Docker probe.
- Tool
Info
Enums§
- Check
Status - Compatibility
- Top-level rollup classification.
- Docker
Image - Recognized shapes of
runs.imagefor a Docker action. - Network
Model - Option
Kind - Output
Format - Probe
Step Kind - Runner
Os - Subject
Kind
Constants§
Functions§
- apply_
strict - Promote selected warnings to failures when strict mode is on.
- classify_
image - is_
sensitive_ key - Return
truefor environment-variable keys that look secret-ish. - parse_
options - render_
receipt - run_
check_ workflow - run_
plan_ action - run_
plan_ job - run_
probe - scan_
workflows