ci: harden github actions according to "zizmor" recommendations #13062
Fix all issues reported by zizmor 0.9.2 running locally. See: https://woodruffw.github.io/zizmor/
👍
Backport to 8.3.x: 💚 backport PR created ✅ Backport PR branch: Backported as #13067 🤖 @patchback
Fix all issues reported by zizmor 0.9.2 running locally. See: https://woodruffw.github.io/zizmor/ (cherry picked from commit ee8f98d)
Nice! Should we also run zizmor itself on CI?
Running a CI security check in CI :) I suppose it can be helpful for finding unintentional weaknesses. I see there is a pre-commit hook here https://github.com/woodruffw/zizmor-pre-commit so I'll send a PR adding it.
Hehehe. A pre-commit hook sounds even better!
…) (#13067) Fix all issues reported by zizmor 0.9.2 running locally. See: https://woodruffw.github.io/zizmor/ (cherry picked from commit ee8f98d) Co-authored-by: Ran Benita <ran@unusedvar.com>
"zizmor" is a new tool to statically analyze GitHub Actions files for security issues. See: https://woodruffw.github.io/zizmor/.
Fix all issues reported by zizmor 0.9.2 running locally.