Skip to content

Audit GHA workflows with zizmor #1136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jan 16, 2025
Merged

Audit GHA workflows with zizmor #1136

merged 4 commits into from
Jan 16, 2025

Conversation

maresb
Copy link
Contributor

@maresb maresb commented Dec 22, 2024
edited by github-actions bot
Loading

Description

This should reduce the chance that we do something dangerous with GHA that might lead to a compromise of the repo.

Mirrors pymc-devs/pymc#7624

Checklist

Type of change

  • New feature / enhancement
  • Bug fix
  • Documentation
  • Maintenance
  • Other (please specify):

📚 Documentation preview 📚: https://pytensor--1136.org.readthedocs.build/en/1136/

@maresb maresb requested a review from ricardoV94 December 22, 2024 19:23
@maresb maresb changed the title Zizmor Audit GHA workflows with zizmor Dec 22, 2024
@maresb maresb mentioned this pull request Dec 22, 2024
Merged
9 tasks
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@codecov Codecov
Copy link

codecov bot commented Dec 22, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.12%. Comparing base (231a977) to head (e002108).
Report is 187 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #1136      +/-   ##
==========================================
+ Coverage   82.10%   82.12%   +0.01%     
==========================================
  Files         185      185              
  Lines       48130    48130              
  Branches     8669     8669              
==========================================
+ Hits        39519    39527       +8     
+ Misses       6444     6438       -6     
+ Partials     2167     2165       -2

see 2 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

lucianopaz
lucianopaz approved these changes Dec 24, 2024
View reviewed changes
Copy link
Member

@lucianopaz lucianopaz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lgtm

@ricardoV94 ricardoV94 merged commit 091b664 into main Jan 16, 2025
64 of 65 checks passed
@maresb maresb deleted the zizmor branch January 16, 2025 12:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lucianopaz lucianopaz lucianopaz approved these changes

@ricardoV94 ricardoV94 Awaiting requested review from ricardoV94

Assignees
No one assigned
Labels
GitHub CI/CD no releasenotes release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@maresb @lucianopaz @ricardoV94