From a9bc7fe048347183a663ee4ac2e8528d58d4c252 Mon Sep 17 00:00:00 2001 From: Alexis Date: Tue, 28 Jan 2025 16:53:22 +0100 Subject: [PATCH 1/4] Update workflows --- .github/workflows/codeql-analysis.yml | 2 -- .github/workflows/zizmor.yml | 4 ++-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e6ee3794b41c..6cdf55d3b022 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -45,8 +45,6 @@ jobs: - name: Set up Python if: matrix.language == 'python' uses: actions/setup-python@v5 - with: - python-version-file: '.python-version' - name: Install dependencies # Needed for pycurl diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 79068b30abf6..d644b9d025c8 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -4,6 +4,8 @@ name: GitHub Actions Security Analysis with Zizmor on: push: branches: ["main"] + paths: + - '.github/workflows/**' pull_request: branches: ["*"] @@ -25,8 +27,6 @@ jobs: persist-credentials: false - name: Setup Python uses: actions/setup-python@v5 - with: - python-version-file: '.python-version' - name: Run zizmor run: pipx run zizmor --format sarif . > results.sarif - name: Upload SARIF file From 55fe99567896e5400f378a9c5b7e5544c3d74c46 Mon Sep 17 00:00:00 2001 From: Alexis Date: Tue, 28 Jan 2025 16:59:27 +0100 Subject: [PATCH 2/4] Add cron task to still run zizmor every week. --- .github/workflows/zizmor.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index d644b9d025c8..0a1a21ecd0ff 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -8,6 +8,8 @@ on: - '.github/workflows/**' pull_request: branches: ["*"] + schedule: + - cron: '30 1 * * 1' jobs: zizmor: From 4c1f5c3d495cfafe57c022d57b497314145ad4c3 Mon Sep 17 00:00:00 2001 
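Review bot: In [PATCH 1/4], the `paths:` filter (`- '.github/workflows/**'`) added under `push` in zizmor.yml is narrower than what the job scans, because the run step in the same file is `pipx run zizmor --format sarif .` over the whole checkout. Recent zizmor releases also audit composite action definitions, so a change to an `action.yml` outside `.github/workflows/` (if the repository has any) would reach main without a scan; adding `- '**/action.yml'` and `- '**/action.yaml'` to the list would cover that. The same filter is added under `pull_request` in [PATCH 3/4] and has the same gap. The series removes both filters again in [PATCH 4/4], so this only matters if the filter is reintroduced.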
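Review bot: The `schedule` entry added in [PATCH 2/4] has no comment saying when it fires or why it exists, and the cron string `'30 1 * * 1'` is not self-explanatory. I would add above it `# Mondays 01:30 UTC: re-scan unchanged workflows so findings from new zizmor audits still surface`. Because the run step shown in [PATCH 1/4] is `pipx run zizmor` with no version, each weekly run resolves whatever release is current, so results can change without any commit. If reproducible runs matter, pin it as `pipx run zizmor==<version>` and bump it deliberately.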
From: Alexis Date: Tue, 28 Jan 2025 17:00:16 +0100 Subject: [PATCH 3/4] Also restrict zizmor on PR --- .github/workflows/zizmor.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 0a1a21ecd0ff..0ee01de88e1a 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -8,6 +8,8 @@ on: - '.github/workflows/**' pull_request: branches: ["*"] + paths: + - '.github/workflows/**' schedule: - cron: '30 1 * * 1' From 15d164c5897feb5e060c952e20841eb5f9a9d0e8 Mon Sep 17 00:00:00 2001 From: Alexis Date: Tue, 28 Jan 2025 17:23:46 +0100 Subject: [PATCH 4/4] Revert change on zizmor runs --- .github/workflows/zizmor.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 0ee01de88e1a..c2435dd6b489 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -4,14 +4,8 @@ name: GitHub Actions Security Analysis with Zizmor on: push: branches: ["main"] - paths: - - '.github/workflows/**' pull_request: branches: ["*"] - paths: - - '.github/workflows/**' - schedule: - - cron: '30 1 * * 1' jobs: zizmor:
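Review bot: With `paths` added under `pull_request` in [PATCH 3/4], the zizmor job is skipped on pull requests that do not touch `.github/workflows/`, and GitHub leaves a skipped workflow's check pending rather than passing. If this job is, or later becomes, a required status check, those pull requests cannot merge; branch protection is not visible here, so that needs confirming. Separately, the context line `branches: ["*"]` in this hunk does not match base branches whose names contain `/`, so pull requests into such branches are never scanned; `branches: ["**"]`, or dropping the `branches` key, covers them. [PATCH 4/4] removes the `paths` filter again but leaves the `branches` pattern as it is.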