Skip to content

Commit 0794dd5

Browse files
taddesfkiriakos07
taddes
and
fkiriakos07
authored
fix: apply zizmor autofixes (#2253)
* fix: apply zizmor autofixes * rmv lookup-only on cache restores --------- Co-authored-by: Frida Kiriakos <fkiriakos@mozilla.com>
1 parent bb0a8de commit 0794dd5

4 files changed

Lines changed: 58 additions & 27 deletions

File tree

.github/actions/setup-build-and-push/action.yml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,9 @@ runs:
3131
"$GITHUB_SHA" "$GITHUB_REF_NAME" \
3232
"$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \
3333
"$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" \
34-
> ${{ inputs.version_json_path }}
34+
> ${JSON_PATH}
35+
env:
36+
JSON_PATH: ${{ inputs.version_json_path }}
3537

3638
- name: Compute image tag
3739
id: tag

.github/dependabot.yml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -58,6 +58,8 @@ updates:
5858
- dependency-name: slog-scope
5959
versions:
6060
- 4.4.0
61+
cooldown:
62+
default-days: 7
6163

6264
- package-ecosystem: "pip" # Applies for poetry deps as well
6365
directories:
@@ -80,6 +82,8 @@ updates:
8082
group-by: dependency-name
8183
patterns:
8284
- "*"
85+
cooldown:
86+
default-days: 7
8387

8488
- package-ecosystem: "github-actions"
8589
directory: "/"
@@ -93,3 +97,5 @@ updates:
9397
actions-deps:
9498
patterns:
9599
- "*"
100+
cooldown:
101+
default-days: 7

.github/workflows/main-workflow.yml

Lines changed: 9 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -52,6 +52,7 @@ jobs:
5252
~/.cache/pip
5353
~/.cache/pypoetry/virtualenvs
5454
key: ${{ runner.os }}-python-${{ hashFiles('pyproject.toml', 'poetry.lock') }}
55+
lookup-only: true
5556

5657
- name: Install Poetry
5758
run: pip3 install poetry
@@ -77,10 +78,11 @@ jobs:
7778
~/.rustup/toolchains
7879
~/.rustup/update-hashes
7980
key: ${{ runner.os }}-rust-toolchain-${{ env.RUST_VERSION }}
81+
lookup-only: true
8082

8183
- name: Install Rust toolchain
8284
if: steps.cache-rust-toolchain.outputs.cache-hit != 'true'
83-
run: rustup toolchain install ${{ env.RUST_VERSION }} --component rustfmt --component clippy --component llvm-tools-preview --no-self-update && rustup default ${{ env.RUST_VERSION }}
85+
run: rustup toolchain install ${RUST_VERSION} --component rustfmt --component clippy --component llvm-tools-preview --no-self-update && rustup default ${RUST_VERSION}
8486

8587
- name: Display Rust Version Info
8688
shell: bash
@@ -150,7 +152,7 @@ jobs:
150152
key: ${{ runner.os }}-rust-toolchain-${{ env.RUST_VERSION }}
151153

152154
- name: Set Rust toolchain
153-
run: rustup default ${{ env.RUST_VERSION }}
155+
run: rustup default ${RUST_VERSION}
154156

155157
- name: Cache cargo-audit
156158
id: cache-cargo-audit
@@ -207,7 +209,7 @@ jobs:
207209
key: ${{ runner.os }}-rust-toolchain-${{ env.RUST_VERSION }}
208210

209211
- name: Set Rust toolchain
210-
run: rustup default ${{ env.RUST_VERSION }}
212+
run: rustup default ${RUST_VERSION}
211213

212214
- name: Rust Clippy ${{ matrix.target }}
213215
run: make clippy_${{ matrix.target }}
@@ -246,7 +248,7 @@ jobs:
246248
${{ runner.os }}-cargo-release-${{ matrix.target }}-
247249
248250
- name: Set Rust toolchain
249-
run: rustup default ${{ env.RUST_VERSION }}
251+
run: rustup default ${RUST_VERSION}
250252

251253
- name: Rust Clippy release ${{ matrix.target }}
252254
run: make clippy_release_${{ matrix.target }}
@@ -296,7 +298,7 @@ jobs:
296298
key: ${{ runner.os }}-rust-toolchain-${{ env.RUST_VERSION }}
297299

298300
- name: Set Rust toolchain
299-
run: rustup default ${{ env.RUST_VERSION }}
301+
run: rustup default ${RUST_VERSION}
300302

301303
- name: Restore pip and Poetry virtualenv
302304
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
@@ -589,7 +591,7 @@ jobs:
589591
key: ${{ runner.os }}-rust-toolchain-${{ env.RUST_VERSION }}
590592

591593
- name: Set Rust toolchain
592-
run: rustup default ${{ env.RUST_VERSION }}
594+
run: rustup default ${RUST_VERSION}
593595

594596
- name: Restore pip and Poetry virtualenv
595597
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
@@ -878,7 +880,7 @@ jobs:
878880
key: ${{ runner.os }}-rust-toolchain-${{ env.RUST_VERSION }}
879881

880882
- name: Set Rust toolchain
881-
run: rustup default ${{ env.RUST_VERSION }}
883+
run: rustup default ${RUST_VERSION}
882884

883885
- name: Restore pip and Poetry virtualenv
884886
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5

.github/workflows/mozcloud-publish.yaml

Lines changed: 40 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -56,18 +56,21 @@ jobs:
5656
- name: Compute tags
5757
run: |
5858
TAGS=$(cat <<EOF
59-
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncstorage-rs:${{ steps.setup.outputs.image_tag }}
60-
ghcr.io/${{ github.repository }}/syncstorage-rs:${{ steps.setup.outputs.image_tag }}
59+
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncstorage-rs:${IMAGE_TAG}
60+
ghcr.io/${{ github.repository }}/syncstorage-rs:${IMAGE_TAG}
6161
EOF
6262
)
63-
if [[ "${{ steps.setup.outputs.push_latest }}" == "true" ]]; then
63+
if [[ "${PUSH_LATEST}" == "true" ]]; then
6464
TAGS="$TAGS
6565
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncstorage-rs:latest
6666
ghcr.io/${{ github.repository }}/syncstorage-rs:latest"
6767
fi
6868
echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
6969
echo "$TAGS" >> "$GITHUB_ENV"
7070
echo "EOF" >> "$GITHUB_ENV"
71+
env:
72+
IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
73+
PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
7174

7275
- uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
7376
with:
@@ -101,18 +104,21 @@ jobs:
101104
- name: Compute tags
102105
run: |
103106
TAGS=$(cat <<EOF
104-
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-postgres:${{ steps.setup.outputs.image_tag }}
105-
ghcr.io/${{ github.repository }}/syncserver-postgres:${{ steps.setup.outputs.image_tag }}
107+
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-postgres:${IMAGE_TAG}
108+
ghcr.io/${{ github.repository }}/syncserver-postgres:${IMAGE_TAG}
106109
EOF
107110
)
108-
if [[ "${{ steps.setup.outputs.push_latest }}" == "true" ]]; then
111+
if [[ "${PUSH_LATEST}" == "true" ]]; then
109112
TAGS="$TAGS
110113
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-postgres:latest
111114
ghcr.io/${{ github.repository }}/syncserver-postgres:latest"
112115
fi
113116
echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
114117
echo "$TAGS" >> "$GITHUB_ENV"
115118
echo "EOF" >> "$GITHUB_ENV"
119+
env:
120+
IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
121+
PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
116122

117123
- name: Build and push to prod GAR and ghcr
118124
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
@@ -143,14 +149,17 @@ jobs:
143149

144150
- name: Compute enterprise tags
145151
run: |
146-
TAGS="us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres:${{ steps.setup.outputs.image_tag }}"
147-
if [[ "${{ steps.setup.outputs.push_latest }}" == "true" ]]; then
152+
TAGS="us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres:${IMAGE_TAG}"
153+
if [[ "${PUSH_LATEST}" == "true" ]]; then
148154
TAGS="$TAGS
149155
us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres:latest"
150156
fi
151157
echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
152158
echo "$TAGS" >> "$GITHUB_ENV"
153159
echo "EOF" >> "$GITHUB_ENV"
160+
env:
161+
IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
162+
PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
154163

155164
- name: Build and push to enterprise GAR
156165
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
@@ -188,18 +197,21 @@ jobs:
188197
- name: Compute tags
189198
run: |
190199
TAGS=$(cat <<EOF
191-
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncstorage-rs-spanner-python-utils:${{ steps.setup.outputs.image_tag }}
192-
ghcr.io/${{ github.repository }}/syncstorage-rs-spanner-python-utils:${{ steps.setup.outputs.image_tag }}
200+
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncstorage-rs-spanner-python-utils:${IMAGE_TAG}
201+
ghcr.io/${{ github.repository }}/syncstorage-rs-spanner-python-utils:${IMAGE_TAG}
193202
EOF
194203
)
195-
if [[ "${{ steps.setup.outputs.push_latest }}" == "true" ]]; then
204+
if [[ "${PUSH_LATEST}" == "true" ]]; then
196205
TAGS="$TAGS
197206
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncstorage-rs-spanner-python-utils:latest
198207
ghcr.io/${{ github.repository }}/syncstorage-rs-spanner-python-utils:latest"
199208
fi
200209
echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
201210
echo "$TAGS" >> "$GITHUB_ENV"
202211
echo "EOF" >> "$GITHUB_ENV"
212+
env:
213+
IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
214+
PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
203215

204216
- uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
205217
with:
@@ -232,18 +244,21 @@ jobs:
232244
- name: Compute tags
233245
run: |
234246
TAGS=$(cat <<EOF
235-
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-postgres-python-utils:${{ steps.setup.outputs.image_tag }}
236-
ghcr.io/${{ github.repository }}/syncserver-postgres-python-utils:${{ steps.setup.outputs.image_tag }}
247+
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-postgres-python-utils:${IMAGE_TAG}
248+
ghcr.io/${{ github.repository }}/syncserver-postgres-python-utils:${IMAGE_TAG}
237249
EOF
238250
)
239-
if [[ "${{ steps.setup.outputs.push_latest }}" == "true" ]]; then
251+
if [[ "${PUSH_LATEST}" == "true" ]]; then
240252
TAGS="$TAGS
241253
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-postgres-python-utils:latest
242254
ghcr.io/${{ github.repository }}/syncserver-postgres-python-utils:latest"
243255
fi
244256
echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
245257
echo "$TAGS" >> "$GITHUB_ENV"
246258
echo "EOF" >> "$GITHUB_ENV"
259+
env:
260+
IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
261+
PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
247262

248263
- name: Build and push to prod GAR and ghcr
249264
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
@@ -272,14 +287,17 @@ jobs:
272287

273288
- name: Compute enterprise tags
274289
run: |
275-
TAGS="us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres-python-utils:${{ steps.setup.outputs.image_tag }}"
276-
if [[ "${{ steps.setup.outputs.push_latest }}" == "true" ]]; then
290+
TAGS="us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres-python-utils:${IMAGE_TAG}"
291+
if [[ "${PUSH_LATEST}" == "true" ]]; then
277292
TAGS="$TAGS
278293
us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres-python-utils:latest"
279294
fi
280295
echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
281296
echo "$TAGS" >> "$GITHUB_ENV"
282297
echo "EOF" >> "$GITHUB_ENV"
298+
env:
299+
IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
300+
PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
283301

284302
- name: Build and push to enterprise GAR
285303
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
@@ -311,18 +329,21 @@ jobs:
311329
- name: Compute tags
312330
run: |
313331
TAGS=$(cat <<EOF
314-
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-mysql:${{ steps.setup.outputs.image_tag }}
315-
ghcr.io/${{ github.repository }}/syncserver-mysql:${{ steps.setup.outputs.image_tag }}
332+
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-mysql:${IMAGE_TAG}
333+
ghcr.io/${{ github.repository }}/syncserver-mysql:${IMAGE_TAG}
316334
EOF
317335
)
318-
if [[ "${{ steps.setup.outputs.push_latest }}" == "true" ]]; then
336+
if [[ "${PUSH_LATEST}" == "true" ]]; then
319337
TAGS="$TAGS
320338
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-mysql:latest
321339
ghcr.io/${{ github.repository }}/syncserver-mysql:latest"
322340
fi
323341
echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
324342
echo "$TAGS" >> "$GITHUB_ENV"
325343
echo "EOF" >> "$GITHUB_ENV"
344+
env:
345+
IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
346+
PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
326347

327348
- uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
328349
with:

0 commit comments

Comments
 (0)