diff options
| author | Jacob Walls <jacobtylerwalls@gmail.com> | 2025-11-14 13:39:01 -0500 |
|---|---|---|
| committer | Jacob Walls <jacobtylerwalls@gmail.com> | 2025-11-21 15:00:53 -0500 |
| commit | 7e9f7bb669685c4daf6c9e6fea61339ce705f3e6 (patch) | |
| tree | 9d3478832ca88beeee91ab01de1be710f3000922 | |
| parent | 0f4d5303a28d6cb0f321b0a4d6363187ccfb903a (diff) | |
[4.2.x] Applied auto-fixes from zizmor findings.
Backport of e8958c4690faef27b6715524ecb5c49c3ecb6a09 from main.
| -rw-r--r-- | .github/workflows/benchmark.yml | 1 | ||||
| -rw-r--r-- | .github/workflows/check_commit_messages.yml | 13 | ||||
| -rw-r--r-- | .github/workflows/docs.yml | 4 | ||||
| -rw-r--r-- | .github/workflows/linters.yml | 8 | ||||
| -rw-r--r-- | .github/workflows/python_matrix.yml | 4 | ||||
| -rw-r--r-- | .github/workflows/schedule_tests.yml | 4 | ||||
| -rw-r--r-- | .github/workflows/tests.yml | 4 |
7 files changed, 35 insertions, 3 deletions
diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 27cac36b23..9c3735f848 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -17,6 +17,7 @@ jobs: with: repository: django/django-asv path: "." + persist-credentials: false - name: Install Requirements run: pip install -r requirements.txt - name: Cache Django diff --git a/.github/workflows/check_commit_messages.yml b/.github/workflows/check_commit_messages.yml index 8fc5dd5cdf..ab115d96be 100644 --- a/.github/workflows/check_commit_messages.yml +++ b/.github/workflows/check_commit_messages.yml @@ -14,11 +14,15 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - name: Calculate commit prefix id: vars + env: + GITHUB_EVENT_PULL_REQUEST_BASE_REF: ${{ github.event.pull_request.base.ref }} run: | - BASE="${{ github.event.pull_request.base.ref }}" + BASE="${GITHUB_EVENT_PULL_REQUEST_BASE_REF}" echo "BASE=$BASE" >> $GITHUB_ENV VERSION="${BASE#stable/}" echo "prefix=[$VERSION]" >> $GITHUB_OUTPUT @@ -26,8 +30,9 @@ jobs: - name: Check PR title prefix env: TITLE: ${{ github.event.pull_request.title }} + STEPS_VARS_OUTPUTS_PREFIX: ${{ steps.vars.outputs.prefix }} run: | - PREFIX="${{ steps.vars.outputs.prefix }}" + PREFIX="${STEPS_VARS_OUTPUTS_PREFIX}" if [[ "$TITLE" != "$PREFIX"* ]]; then echo "❌ PR title must start with the required prefix: $PREFIX" exit 1 @@ -40,8 +45,10 @@ jobs: git fetch origin pull/${{ github.event.pull_request.number }}/head:pr - name: Check commit messages prefix + env: + STEPS_VARS_OUTPUTS_PREFIX: ${{ steps.vars.outputs.prefix }} run: | - PREFIX="${{ steps.vars.outputs.prefix }}" + PREFIX="${STEPS_VARS_OUTPUTS_PREFIX}" COMMITS=$(git rev-list base..pr) echo "Checking commit messages for required prefix: $PREFIX" FAIL=0 diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 681e22a63d..0c5f8e8175 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -26,6 +26,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v4 with: @@ -44,6 +46,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v4 with: diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml index 08a404fcc0..7076a1b8b2 100644 --- a/.github/workflows/linters.yml +++ b/.github/workflows/linters.yml @@ -24,6 +24,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v4 with: @@ -41,6 +43,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v4 with: @@ -58,6 +62,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: black uses: psf/black@23.12.1 @@ -66,6 +72,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v5 + with: + persist-credentials: false - name: Run zizmor uses: zizmorcore/zizmor-action@e673c3917a1aef3c65c972347ed84ccd013ecda4 # v0.2.0 with: diff --git a/.github/workflows/python_matrix.yml b/.github/workflows/python_matrix.yml index ab48c2be83..979025dd07 100644 --- a/.github/workflows/python_matrix.yml +++ b/.github/workflows/python_matrix.yml @@ -23,6 +23,8 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + with: + persist-credentials: false - id: set-matrix run: | python_versions=$(sed -n "s/^.*Programming Language :: Python :: \([[:digit:]]\+\.[[:digit:]]\+\).*$/'\1', /p" pyproject.toml | tr -d '\n' | sed 's/, $//g') @@ -37,6 +39,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5 with: diff --git a/.github/workflows/schedule_tests.yml b/.github/workflows/schedule_tests.yml index be1fa50b08..8cfa0e47e9 100644 --- a/.github/workflows/schedule_tests.yml +++ b/.github/workflows/schedule_tests.yml @@ -26,6 +26,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v4 with: @@ -44,6 +46,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Node.js uses: actions/setup-node@v3 with: diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 44ea149cd1..31e9f69ad1 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -28,6 +28,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v4 with: @@ -46,6 +48,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Node.js uses: actions/setup-node@v3 with: |