From 27ec2c03d157ed4c34851c3263f9e76dbd0fef16 Mon Sep 17 00:00:00 2001 From: zyzzmohit Date: Wed, 14 Jan 2026 15:48:20 +0530 Subject: [PATCH] doc: clarify kubestellar repo context for GHA scripts Signed-off-by: zyzzmohit --- .../contribution-guidelines/operations/github-actions.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/content/contribution-guidelines/operations/github-actions.md b/docs/content/contribution-guidelines/operations/github-actions.md index c00f4488..884f4afc 100644 --- a/docs/content/contribution-guidelines/operations/github-actions.md +++ b/docs/content/contribution-guidelines/operations/github-actions.md @@ -2,13 +2,16 @@ For the sake of supply chain security, every reference from a workflow to an action identifies the action's version by a commit hash rather than a tag or branch name. This ensures reproducibility and prevents supply chain attacks through action tampering. +> [!NOTE] +> These instructions apply to the main [kubestellar/kubestellar](https://github.com/kubestellar/kubestellar) repository. The scripts and files mentioned below are located in the root of that repository. + ## The Reversemap File -The file `.gha-reversemap.yml` in the root of the repository is the single source of truth for the mapping from action identity (owner/repo and version tag) to commit hash. This file should only be updated when you have confidence in the new or added version. +The file `.gha-reversemap.yml` in the root of the `kubestellar` repository is the single source of truth for the mapping from action identity (owner/repo and version tag) to commit hash. This file should only be updated when you have confidence in the new or added version. ## Managing Action References -The script `hack/gha-reversemap.sh` provides commands for managing GitHub Action references across workflows. +The script `hack/gha-reversemap.sh` (in the `kubestellar` repository) provides commands for managing GitHub Action references across workflows. ### Available Commands