Conversation

Copilot AI commented Nov 17, 2025

Addresses security concern from review feedback about downloading unverified scripts during Trunk installation.

Changes:

  • Replace `curl -fsSL https://get.trunk.io | bash` with `trunk-io/trunk-action/setup@v1` for verified installation
  • Use `trunk-io/trunk-action@v1` for checks to enable native GitHub PR annotations
  • Move permissions to job level (`checks: write`, `contents: write`) for proper scoping
```yaml
# Before
- name: Install Trunk
  run: |
    curl -fsSL https://get.trunk.io -o- | bash
    echo "$HOME/.trunk/bin" >> $GITHUB_PATH

# After
- name: Install Trunk
  uses: trunk-io/trunk-action/setup@v1
```

Maintains autofix functionality via `trunk fmt .` followed by the action-based check step.

Co-authored-by: cpritchett <3866278+cpritchett@users.noreply.github.com>
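The PR description shows only the install step. As an added example (not code from this PR or from the trunk-io project), here is what a complete job looks like once all three changes are applied together: job-level `permissions`, the verified setup action, the `trunk fmt .` autofix, and the action-based check. The workflow name, the checkout step with `ref: ${{ github.head_ref }}`, and the commit-back step are assumptions about how the autofix result reaches the PR branch; they are not described on the page.

```yaml
name: code-quality

on:
  pull_request:

jobs:
  trunk:
    runs-on: ubuntu-latest
    # Permissions scoped to this job only, as the PR describes:
    # checks: write  -> trunk-action can post PR annotations
    # contents: write -> the autofix commit can be pushed back
    permissions:
      checks: write
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          # Assumption: check out the PR head so an autofix commit lands on the PR branch
          ref: ${{ github.head_ref }}

      # Verified install via the vendor's setup action instead of `curl ... | bash`
      - name: Install Trunk
        uses: trunk-io/trunk-action/setup@v1

      # Autofix step from the PR description: format the tree in place
      - name: Autofix
        run: trunk fmt .

      # Assumption: commit formatting changes back if any were made;
      # this is the step that needs contents: write
      - name: Commit autofix
        run: |
          if ! git diff --quiet; then
            git config user.name "github-actions[bot]"
            git config user.email "github-actions[bot]@users.noreply.github.com"
            git commit -am "chore: trunk fmt autofix"
            git push
          fi

      # Check step via the official action; findings surface as PR annotations
      - name: Check
        uses: trunk-io/trunk-action@v1
```

Two points worth checking when adopting this. First, the change moves trust from an unverified script fetched at run time to a versioned action published by the vendor; `@v1` is a moving tag, so pinning the action to a full commit SHA is the stricter supply-chain control if the repository's policy calls for it. Second, keeping `permissions` at job level means other jobs in the same workflow fall back to the default token scope rather than inheriting `contents: write`.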
@cpritchett cpritchett marked this pull request as ready for review November 17, 2025 08:59
Copilot AI changed the title [WIP] Fix code quality workflow by replacing Black with Trunk fix(actions): use official trunk-io actions for installation and checks Nov 17, 2025
Copilot AI requested a review from cpritchett November 17, 2025 09:01
@cpritchett cpritchett merged commit a538015 into fix/trunk Nov 17, 2025
1 of 5 checks passed
@cpritchett cpritchett deleted the copilot/sub-pr-4 branch November 17, 2025 09:17