Skip to content

ci: address zizmor findings #68

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 21, 2024
Merged

ci: address zizmor findings #68

merged 1 commit into from
Nov 21, 2024

Conversation

woodruffw
Copy link
Member

@woodruffw woodruffw commented Nov 19, 2024
edited
Loading

This addresses a bunch of findings from zizmor, both low-impact (mostly credential persistence/permission minimization) as well as some potential template injections (non-exploitable in this case, but good to remove!)

I've also gone ahead and bumped the versions on a couple of actions, where they were outdated.

NB: This changeset doesn't include a new workflow for zizmor, but if folks are interested this one should be drag-n-drop 🙂

Afterwards:

$ zizmor .
🌈 completed ci-build.yml
🌈 completed hugo.yml
No findings to report. Good job!

@woodruffw
ci: address zizmor findings
2f8cdfa 
Signed-off-by: William Woodruff <[email protected]>
@woodruffw woodruffw requested review from a team as code owners November 19, 2024 23:26
@haydentherapper haydentherapper merged commit b41665b into sigstore:main Nov 21, 2024
2 checks passed
haydentherapper added a commit that referenced this pull request Nov 21, 2024
@haydentherapper
Revert "ci: address zizmor findings (#68)"
363d641 
This reverts commit b41665b.
@haydentherapper haydentherapper mentioned this pull request Nov 21, 2024
Merged
haydentherapper added a commit that referenced this pull request Nov 21, 2024
@haydentherapper
Revert "ci: address zizmor findings (#68)" (#69)
179821b 
This reverts commit b41665b.
@woodruffw woodruffw deleted the ww/zizmor branch November 21, 2024 21:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bobcallaway bobcallaway bobcallaway approved these changes

@SantiagoTorres SantiagoTorres SantiagoTorres approved these changes

@haydentherapper haydentherapper haydentherapper approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@woodruffw @bobcallaway @SantiagoTorres @haydentherapper