ci: Update GitHub Actions workflows based on Zizmor security reports #41
Conversation
|
CC: @cclauss So I intentionally made pre-commit fail because I wanted to see how: behaves. Do you know why it didn't create a new commit on this PR to fix the whitespace issue? |
|
I gotta say that I am not a fan so far. This tool generated a lot of busy work on other repos for fixes that were not really helpful. I am unsure on |
True. Let me remove this one. |
| permissions: | ||
| contents: read |
There was a problem hiding this comment.
This might be why pre-commit-ci/lite-action cannot write a commit.
There was a problem hiding this comment.
But the pre-commit lite action is defined inside .github/workflows/ci-test.yml,
and the job where it's defined already has all the required permissions.
I think I haven't configured the pre-commit lite CI bot in this repo.
That's probably the reason. Anyway, I'm going to remove this job.
There was a problem hiding this comment.
Oh...
Make the whitespace change to a non-GitHub Actions file. I think that GitHub Actions cannot write to a GHA file.
trim trailing whitespace.................................................Failed
- hook id: trailing-whitespace
- exit code: 1
- files were modified by this hook
Fixing .github/workflows/ci-test.yml
biome check..............................................................Passed
There was a problem hiding this comment.
Not working with the action.yml whitespace issue either.
There was a problem hiding this comment.
Let's do a final test. I just added the pre-commit CI lite bot to this repo.
There was a problem hiding this comment.
boom.
Working after pre-commit CI lite bot added to this repo.
DhavalGojiya
force-pushed
the
fix/gh-zizmor-security-alert
branch
from
64e597a to
0fbd284
Compare
Description
Update GitHub Actions workflows based on Zizmor security reports.
Command:
uvx zizmor .github/