Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Run zizmor in CI. #6968

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Run zizmor in CI. #6968

wants to merge 3 commits into from

Conversation

dcampbell24
Copy link
Contributor

You could run it with --pedantic, but I guessed you wouldn't want to. It is failing right now, but that is the status of things.

@dcampbell24 dcampbell24 mentioned this pull request Dec 17, 2024
Open
@github-actions GitHub Actions
Copy link

GNU testsuite comparison:

Skip an intermittent issue tests/tail/inotify-dir-recreate (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/timeout/timeout (passes in this run but fails in the 'main' branch)

@sylvestre
Copy link
Contributor

Thanks!
Do you have plans to work on fixing the issues or it is to show the list? thanks

@dcampbell24
Copy link
Contributor Author

I'll try to fix what I can, but I don't think I'll be able to fix everything.

@dcampbell24
Copy link
Contributor Author

Well I attempted to fix everything, but the pedantic. If you want pedantic, which currently is just pinning the actions to a hash ref, let me know. I'll add it.

@github-actions GitHub Actions
Copy link

GNU testsuite comparison:

Skip an intermittent issue tests/tail/inotify-dir-recreate (fails in this run but passes in the 'main' branch)

@dcampbell24 dcampbell24 deleted the add-zizmor-to-ci branch December 19, 2024 20:48
@dcampbell24 dcampbell24 restored the add-zizmor-to-ci branch December 19, 2024 20:48
@dcampbell24
Copy link
Contributor Author

You don't want to add zizmor to the CI?

@sylvestre
Copy link
Contributor

you are the one who closed it ?!
image

@dcampbell24
Copy link
Contributor Author

oops...

@dcampbell24 dcampbell24 reopened this Dec 20, 2024
@github-actions GitHub Actions
Copy link

GNU testsuite comparison:

Skip an intermittent issue tests/timeout/timeout (fails in this run but passes in the 'main' branch)

@github-actions GitHub Actions
Copy link

GNU testsuite comparison:

Skip an intermittent issue tests/timeout/timeout (fails in this run but passes in the 'main' branch)

sylvestre
sylvestre reviewed Dec 20, 2024
View reviewed changes
.github/workflows/zizmor.yml
@@ -14,13 +15,13 @@ jobs:
with:
persist-credentials: false

- name: Download zizmor
run: cargo install zizmor
- name: Install the latest version of uv
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why pin
and what was wrong with cargo install ?

Copy link
Contributor Author

@dcampbell24 dcampbell24 Dec 20, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't have to pin if you don't want to. It just makes it so it stays on the same version no matter what (I think). It is suggested by zizmor --pedantic.

cargo install takes longer than uv does because it compiles the binary. It is using exactly the same binary. Again I could cargo install, but it seems pointless. This is the suggested way to do this on the zizmor site https://woodruffw.github.io/zizmor/usage/#use-in-github-actions. It actually suggests using the SARIF format and uploading the results of a run to GitHub, but I don't see what the point of that is.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It actually suggests using the SARIF format and uploading the results of a run to GitHub, but I don't see what the point of that is.

This is for integration with GitHub Advanced Security. Uploading the SARIF file will make the results available in the "Security" tab of this repository, under code scanning alerts. It should also post comments on PRs that introduce regressions. See, for example: Homebrew/brew#18986

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@carlocab carlocab carlocab left review comments

@sylvestre sylvestre sylvestre left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dcampbell24 @sylvestre @carlocab