Scan GitHub workflows with zizmor #50
Labels
Category: Maintainability
Proposed improvement to project maintainability
CI (Automation)
Continuous integration (and other automation)
Comments
ncoghlan added the CI (Automation) and Category: Maintainability labels on Oct 28, 2024
ncoghlan added a commit that referenced this issue on Oct 29, 2024:
Includes a small update to the launch modules in the sample project so the PR generation for output updates is tested with the updated workflow. Addresses initial manual workflow scan for #50
#51 addresses the initial scan result, but keeping this issue open as any change to the workflows should automatically re-run the scan and upload the SARIF results.
#51 has been updated to also include an automated scan (as per woodruffw/zizmor#69)
ncoghlan added a commit that referenced this issue on Oct 29, 2024:
Address zizmor scan results, and set up a workflow to scan them in CI after the repo has been published. Includes a small update to the launch modules in the sample project so the PR generation for output updates has been tested with the updated workflow. Implements most of #50
While #51 mostly implemented this CI feature, it can only be fully resolved once the repository has been published:
ncoghlan added a commit that referenced this issue on Oct 30, 2024:
Repository is now public, so read permissions can be assumed. Closes #50
Static security analysis tool for GitHub action configs: https://github.com/woodruffw/zizmor
(discovered via one of the other Python core developers running it on the CPython repo and reporting the results)
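As an added example (not the workflow from #51 and not the project's own code), the following is a workflow of the kind the thread asks for: re-run zizmor whenever a workflow file changes and upload the SARIF output to GitHub code scanning. The action version tags, the Python version, and the zizmor invocation (`--format sarif`, `GH_TOKEN` for its online audits) are assumptions taken from the tools' documentation rather than from this page.

```yaml
# Added example of a scan-on-change zizmor workflow. Not the project's own
# workflow; action versions and zizmor flags are assumed from the tools' docs.
name: Scan GitHub Actions workflows with zizmor

on:
  push:
    branches: [main]
    paths: [".github/workflows/**"]
  pull_request:
    paths: [".github/workflows/**"]
  workflow_dispatch:   # allows the manual scan the thread mentions

# Start from no permissions at the workflow level; grant per job below.
permissions: {}

jobs:
  zizmor:
    runs-on: ubuntu-latest
    permissions:
      contents: read          # needed by checkout
      security-events: write  # needed by upload-sarif (code scanning)
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave the job token in .git/config; zizmor's own
          # "artipacked" audit flags a checkout that persists credentials.
          persist-credentials: false

      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      - name: Install zizmor
        run: python -m pip install zizmor

      - name: Run zizmor
        # SARIF goes to a file so the next step can upload it.
        run: zizmor --format sarif . > results.sarif
        env:
          # Used by zizmor's online audits (e.g. resolving pinned refs).
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Upload SARIF to code scanning
        # Upload even if the scan step exited non-zero because of findings,
        # so the results reach code scanning while the job still fails visibly.
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
          category: zizmor
```

Two practical caveats: code scanning, the destination of the SARIF upload, is available on public repositories (private ones need GitHub Advanced Security), which matches the thread's note that the workflow could only be fully exercised after the repository was published; and the `@v4`/`@v5`/`@v3` tags above are mutable, so pinning each `uses:` to a full commit SHA is the stronger choice, and is the kind of thing zizmor will point out in its own results.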