Airlock
Concepts

Freeze

The dividing line between auto-fixable changes and locked review.

Deprecated. The freeze step is replaced by apply-patch: true on individual steps. Existing workflows using freeze continue to work. See apply-patch for the recommended approach.

The freeze step is a dividing line in your workflow. It separates steps that can auto-fix your code from steps that must leave the code untouched.

Instead of a separate freeze step, add apply-patch: true to steps that produce patches:

- name: lint
  uses: airlock-hq/airlock/defaults/lint@main
  apply-patch: true # Auto-commit lint fixes after this step

This is more granular than freeze — each step controls whether its patches are committed immediately.

How Freeze Works (Legacy)

Add freeze to your workflow with:

- name: freeze
  run: airlock exec freeze

When this step runs, it:

  1. Commits any pending changes from previous steps (linter auto-fixes, formatter patches)
  2. Locks the worktree — no more direct file modifications allowed
  3. Sets the AIRLOCK_FROZEN environment variable to true for all subsequent steps

Pre-Freeze Steps

Steps before freeze can modify files freely. This is where you run linters and formatters that auto-fix issues:

steps:
  - name: lint
    uses: airlock-hq/airlock/defaults/lint@main # Can modify files

  - name: freeze
    run: airlock exec freeze

Patches from pre-freeze steps are applied directly to the worktree and committed as part of the freeze.

Post-Freeze Steps

Steps after freeze cannot modify the worktree directly. If a post-freeze step produces file changes, those changes are captured as patches and queued for review in the Push Request's Patches tab.

- name: freeze
  run: airlock exec freeze

- name: test
  uses: airlock-hq/airlock/defaults/test@main # Worktree is locked

- name: push
  uses: airlock-hq/airlock/defaults/push@main
  require-approval: true # Pauses for human approval

This ensures no surprise mutations happen after the code has been reviewed.

The AIRLOCK_FROZEN Environment Variable

After freeze runs, AIRLOCK_FROZEN=true is available to all subsequent steps. Custom steps can check this variable to adjust their behavior:

if [ "$AIRLOCK_FROZEN" = "true" ]; then
  echo "Worktree is frozen — running in read-only mode"
fi
  • Workflows — How workflows and steps are structured
  • Artifacts — How patches from post-freeze steps appear as artifacts

Workflows

Declarative YAML files that define what runs on each push.

Artifacts

Content, comments, and patches produced by workflow steps.

On this page

Recommended Alternative: apply-patchHow Freeze Works (Legacy)Pre-Freeze StepsPost-Freeze StepsThe AIRLOCK_FROZEN Environment VariableRelated