Airlock
Concepts

Freeze

The dividing line between auto-fixable changes and locked review.

The freeze step is a dividing line in your workflow. It separates steps that can auto-fix your code from steps that must leave the code untouched.

How It Works

Add freeze to your workflow with:

- name: freeze
  run: airlock exec freeze

When this step runs, it:

  1. Commits any pending changes from previous steps (linter auto-fixes, formatter patches)
  2. Locks the worktree — no more direct file modifications allowed
  3. Sets the AIRLOCK_FROZEN environment variable to true for all subsequent steps

Pre-Freeze Steps

Steps before freeze can modify files freely. This is where you run linters and formatters that auto-fix issues:

steps:
  - name: lint
    uses: airlock-hq/airlock/defaults/lint@main # Can modify files

  - name: freeze
    run: airlock exec freeze

Patches from pre-freeze steps are applied directly to the worktree and committed as part of the freeze.

Post-Freeze Steps

Steps after freeze cannot modify the worktree directly. If a post-freeze step produces file changes, those changes are captured as patches and queued for review in the Push Request's Patches tab.

- name: freeze
  run: airlock exec freeze

- name: test
  uses: airlock-hq/airlock/defaults/test@main # Worktree is locked

- name: review
  run: 'true'
  require-approval: true

This ensures no surprise mutations happen after the code has been reviewed.

The AIRLOCK_FROZEN Environment Variable

After freeze runs, AIRLOCK_FROZEN=true is available to all subsequent steps. Custom steps can check this variable to adjust their behavior:

if [ "$AIRLOCK_FROZEN" = "true" ]; then
  echo "Worktree is frozen — running in read-only mode"
fi

Typical Placement

A standard workflow places freeze after linting/formatting but before testing and review:

steps:
  - name: lint # Pre-freeze: auto-fix
    uses: airlock-hq/airlock/defaults/lint@main
  - name: freeze # Lock the worktree
    run: airlock exec freeze
  - name: describe # Post-freeze: generate description
    uses: airlock-hq/airlock/defaults/describe@main
  - name: test # Post-freeze: run tests
    uses: airlock-hq/airlock/defaults/test@main
  - name: review # Post-freeze: human approval
    run: 'true'
    require-approval: true
  - name: push
    uses: airlock-hq/airlock/defaults/push@main

Freeze is optional. If your workflow doesn't include a freeze step, all steps can modify the worktree freely. However, this means you lose the guarantee that post-review code hasn't been mutated.

  • Workflows — How workflows and steps are structured
  • Artifacts — How patches from post-freeze steps appear as artifacts

Workflows

Declarative YAML files that define what runs on each push.

Artifacts

Content, comments, and patches produced by workflow steps.

On this page

How It WorksPre-Freeze StepsPost-Freeze StepsThe AIRLOCK_FROZEN Environment VariableTypical PlacementRelated