diff options
| author | Jacob Walls <jacobtylerwalls@gmail.com> | 2025-11-14 13:39:01 -0500 |
|---|---|---|
| committer | Jacob Walls <jacobtylerwalls@gmail.com> | 2025-11-21 14:50:32 -0500 |
| commit | 11deb358b69cf44388929245078dd6bf0c89ab54 (patch) | |
| tree | 326a25a2a4b3d2fce3afc0d4d478efe799b27391 | |
| parent | fe3db5bcbb175d9b32c4ca2f03dc95d22ad2f77b (diff) | |
[5.2.x] Applied auto-fixes from zizmor findings.
Backport of e8958c4690faef27b6715524ecb5c49c3ecb6a09 from main.
| -rw-r--r-- | .github/workflows/benchmark.yml | 1 | ||||
| -rw-r--r-- | .github/workflows/check_commit_messages.yml | 13 | ||||
| -rw-r--r-- | .github/workflows/docs.yml | 4 | ||||
| -rw-r--r-- | .github/workflows/linters.yml | 8 | ||||
| -rw-r--r-- | .github/workflows/python_matrix.yml | 4 | ||||
| -rw-r--r-- | .github/workflows/schedule_tests.yml | 16 | ||||
| -rw-r--r-- | .github/workflows/screenshots.yml | 2 | ||||
| -rw-r--r-- | .github/workflows/selenium.yml | 4 | ||||
| -rw-r--r-- | .github/workflows/tests.yml | 4 |
9 files changed, 53 insertions, 3 deletions
diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 0d5ec23550..6cc11b3357 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -17,6 +17,7 @@ jobs: with: repository: django/django-asv path: "." + persist-credentials: false - name: Setup Miniforge uses: conda-incubator/setup-miniconda@v3 with: diff --git a/.github/workflows/check_commit_messages.yml b/.github/workflows/check_commit_messages.yml index 8fc5dd5cdf..ab115d96be 100644 --- a/.github/workflows/check_commit_messages.yml +++ b/.github/workflows/check_commit_messages.yml @@ -14,11 +14,15 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - name: Calculate commit prefix id: vars + env: + GITHUB_EVENT_PULL_REQUEST_BASE_REF: ${{ github.event.pull_request.base.ref }} run: | - BASE="${{ github.event.pull_request.base.ref }}" + BASE="${GITHUB_EVENT_PULL_REQUEST_BASE_REF}" echo "BASE=$BASE" >> $GITHUB_ENV VERSION="${BASE#stable/}" echo "prefix=[$VERSION]" >> $GITHUB_OUTPUT @@ -26,8 +30,9 @@ jobs: - name: Check PR title prefix env: TITLE: ${{ github.event.pull_request.title }} + STEPS_VARS_OUTPUTS_PREFIX: ${{ steps.vars.outputs.prefix }} run: | - PREFIX="${{ steps.vars.outputs.prefix }}" + PREFIX="${STEPS_VARS_OUTPUTS_PREFIX}" if [[ "$TITLE" != "$PREFIX"* ]]; then echo "❌ PR title must start with the required prefix: $PREFIX" exit 1 @@ -40,8 +45,10 @@ jobs: git fetch origin pull/${{ github.event.pull_request.number }}/head:pr - name: Check commit messages prefix + env: + STEPS_VARS_OUTPUTS_PREFIX: ${{ steps.vars.outputs.prefix }} run: | - PREFIX="${{ steps.vars.outputs.prefix }}" + PREFIX="${STEPS_VARS_OUTPUTS_PREFIX}" COMMITS=$(git rev-list base..pr) echo "Checking commit messages for required prefix: $PREFIX" FAIL=0 diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index b13a9bab4a..eeef40c462 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -26,6 +26,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v5 with: @@ -44,6 +46,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v5 with: diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml index d6e939d2ae..d18921cf33 100644 --- a/.github/workflows/linters.yml +++ b/.github/workflows/linters.yml @@ -24,6 +24,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v5 with: @@ -41,6 +43,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v5 with: @@ -58,6 +62,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: black uses: psf/black@stable @@ -66,6 +72,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v5 + with: + persist-credentials: false - name: Run zizmor uses: zizmorcore/zizmor-action@e673c3917a1aef3c65c972347ed84ccd013ecda4 # v0.2.0 with: diff --git a/.github/workflows/python_matrix.yml b/.github/workflows/python_matrix.yml index 5901e584aa..2b7a257f5e 100644 --- a/.github/workflows/python_matrix.yml +++ b/.github/workflows/python_matrix.yml @@ -23,6 +23,8 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + with: + persist-credentials: false - id: set-matrix run: | python_versions=$(sed -n "s/^.*Programming Language :: Python :: \([[:digit:]]\+\.[[:digit:]]\+\).*$/'\1', /p" pyproject.toml | tr -d '\n' | sed 's/, $//g') @@ -37,6 +39,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5 with: diff --git a/.github/workflows/schedule_tests.yml b/.github/workflows/schedule_tests.yml index dc3157f51b..da0bbea552 100644 --- a/.github/workflows/schedule_tests.yml +++ b/.github/workflows/schedule_tests.yml @@ -26,6 +26,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v5 with: @@ -44,6 +46,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v5 with: @@ -71,6 +75,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v5 with: @@ -106,6 +112,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v5 with: @@ -128,6 +136,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Node.js uses: actions/setup-node@v4 with: @@ -143,6 +153,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v5 with: @@ -179,6 +191,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v5 with: @@ -224,6 +238,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v5 with: diff --git a/.github/workflows/screenshots.yml b/.github/workflows/screenshots.yml index 7b9db7d064..4c67c7fc72 100644 --- a/.github/workflows/screenshots.yml +++ b/.github/workflows/screenshots.yml @@ -21,6 +21,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v5 with: diff --git a/.github/workflows/selenium.yml b/.github/workflows/selenium.yml index de36f1c084..2e7e8f187d 100644 --- a/.github/workflows/selenium.yml +++ b/.github/workflows/selenium.yml @@ -21,6 +21,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v5 with: @@ -58,6 +60,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v5 with: diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 2ae1e3ef90..559868a279 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -28,6 +28,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v5 with: @@ -46,6 +48,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Node.js uses: actions/setup-node@v4 with: |