Skip to content

chore: workflow success checks#750

Closed
zackpollard wants to merge 1 commit into
mainfrom
chore/workflow-success
Closed

chore: workflow success checks#750
zackpollard wants to merge 1 commit into
mainfrom
chore/workflow-success

Conversation

@zackpollard
Copy link
Copy Markdown
Member

@zackpollard zackpollard commented Jun 16, 2025

No description provided.

github-advanced-security[bot]
github-advanced-security AI found potential problems Jun 16, 2025
View reviewed changes
Comment thread .github/workflows/overall-success.yaml Fixed
Comment thread .github/workflows/overall-success.yaml Fixed
@zackpollard zackpollard force-pushed the chore/workflow-success branch 7 times, most recently from 78ffcc2 to c8cf47b Compare June 16, 2025 23:07
github-advanced-security[bot]
github-advanced-security AI found potential problems Jun 16, 2025
View reviewed changes
Comment thread .github/workflows/overall-success.yaml
Comment on lines +3 to +20
on:
# This workflow can be triggered manually or on a schedule if desired,
# but its primary design here is to be triggered by workflow_dispatch
# or potentially by a push to main if you want to check status after merges.
workflow_dispatch: # Allows manual triggering
workflow_run:
types:
- completed
workflows: ["Zizmor", "Terragrunt", "Scripts"]
push:
branches: [main]
# paths: # Consider path filtering if you only want to run this for specific changes
# - '.github/workflows/**' # Example: run if any workflow changes
# pull_request:
# branches:
# - main

Check failure

Code scanning / zizmor

workflow_run is almost always used insecurely Error

workflow_run is almost always used insecurely
@zackpollard zackpollard force-pushed the chore/workflow-success branch from c8cf47b to fa6168b Compare June 16, 2025 23:21
github-advanced-security[bot]
github-advanced-security AI found potential problems Jun 16, 2025
View reviewed changes
Comment thread .github/workflows/overall-success.yaml Fixed
@zackpollard zackpollard force-pushed the chore/workflow-success branch 7 times, most recently from a7311bb to a99ba08 Compare June 16, 2025 23:56
github-advanced-security[bot]
github-advanced-security AI found potential problems Jun 16, 2025
View reviewed changes
Comment thread .github/workflows/flux-diff.yaml
with:
needs: ${{ toJson(needs) }}
- name: Create Check
uses: LouisBrunner/checks-action@v2.0.0

Check failure

Code scanning / zizmor

action is not pinned to a hash (required by blanket policy) Error

action is not pinned to a hash (required by blanket policy)
Comment thread .github/workflows/scripts.yaml
with:
needs: ${{ toJson(needs) }}
- name: Create Check
uses: LouisBrunner/checks-action@v2.0.0

Check failure

Code scanning / zizmor

action is not pinned to a hash (required by blanket policy) Error

action is not pinned to a hash (required by blanket policy)
Comment thread .github/workflows/terragrunt.yaml
with:
needs: ${{ toJson(needs) }}
- name: Create Check
uses: LouisBrunner/checks-action@v2.0.0

Check failure

Code scanning / zizmor

action is not pinned to a hash (required by blanket policy) Error

action is not pinned to a hash (required by blanket policy)
@zackpollard zackpollard force-pushed the chore/workflow-success branch from a99ba08 to 0b863cb Compare June 16, 2025 23:58
github-advanced-security[bot]
github-advanced-security AI found potential problems Jun 16, 2025
View reviewed changes
Comment thread .github/workflows/terragrunt.yaml

permissions: {}
permissions:
checks: write

Check warning

Code scanning / zizmor

checks: write is overly broad at the workflow level Warning

checks: write is overly broad at the workflow level
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zackpollard @github-advanced-security