diff --git a/.github/workflows/dispatch-workflow-org.yml b/.github/workflows/dispatch-workflow-org.yml index 632a15d4..f49b0b69 100644 --- a/.github/workflows/dispatch-workflow-org.yml +++ b/.github/workflows/dispatch-workflow-org.yml @@ -25,7 +25,7 @@ jobs: - name: Get all repositories id: get-repos env: - GH_TOKEN: ${{ secrets.TEMPLATE_WORKFLOW_DISPATCH_PAT }} # zizmor: ignore[secrets-outside-env] + GH_TOKEN: ${{ secrets.TEMPLATE_WORKFLOW_DISPATCH_PAT }} run: | repositories=$(gh api \ --paginate \ @@ -45,7 +45,7 @@ jobs: steps: - name: Dispatch update workflow env: - GH_TOKEN: ${{ secrets.TEMPLATE_WORKFLOW_DISPATCH_PAT }} # zizmor: ignore[secrets-outside-env] + GH_TOKEN: ${{ secrets.TEMPLATE_WORKFLOW_DISPATCH_PAT }} run: | gh workflow run dispatch-workflow-repo.yml \ --repo ${{ github.repository }} \ diff --git a/.github/workflows/dispatch-workflow-repo.yml b/.github/workflows/dispatch-workflow-repo.yml index e42adb0e..198f9bfe 100644 --- a/.github/workflows/dispatch-workflow-repo.yml +++ b/.github/workflows/dispatch-workflow-repo.yml @@ -93,4 +93,4 @@ jobs: signoff: true title: '[${{ github.event.inputs.branch }}] ci: update all workflow templates from organization template repository' labels: dependencies - token: ${{ secrets.TEMPLATE_WORKFLOW_DISPATCH_PAT }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.TEMPLATE_WORKFLOW_DISPATCH_PAT }} diff --git a/.github/workflows/dispatch-workflow.yml b/.github/workflows/dispatch-workflow.yml index 058b5533..8271820c 100644 --- a/.github/workflows/dispatch-workflow.yml +++ b/.github/workflows/dispatch-workflow.yml @@ -109,4 +109,4 @@ jobs: signoff: true title: 'ci: update ${{ github.event.inputs.name }} workflow from template' labels: dependencies - token: ${{ secrets.TEMPLATE_WORKFLOW_DISPATCH_PAT }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.TEMPLATE_WORKFLOW_DISPATCH_PAT }} diff --git a/workflow-templates/appstore-build-publish.yml b/workflow-templates/appstore-build-publish.yml index 1e6bd328..fc73fb96 100644 --- a/workflow-templates/appstore-build-publish.yml +++ b/workflow-templates/appstore-build-publish.yml @@ -172,7 +172,7 @@ jobs: tar -xvf ${{ env.APP_NAME }}.tar.gz cd ../../../ # Setting up keys - echo '${{ secrets.APP_PRIVATE_KEY }}' > ${{ env.APP_NAME }}.key # zizmor: ignore[secrets-outside-env] + echo '${{ secrets.APP_PRIVATE_KEY }}' > ${{ env.APP_NAME }}.key wget --quiet "https://github.com/nextcloud/app-certificate-requests/raw/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt" # Signing php nextcloud/occ integrity:sign-app --privateKey=../${{ env.APP_NAME }}.key --certificate=../${{ env.APP_NAME }}.crt --path=../${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }} @@ -194,6 +194,6 @@ jobs: uses: nextcloud-releases/nextcloud-appstore-push-action@a011fe619bcf6e77ddebc96f9908e1af4071b9c1 # v1.0.3 with: app_name: ${{ env.APP_NAME }} - appstore_token: ${{ secrets.APPSTORE_TOKEN }} # zizmor: ignore[secrets-outside-env] + appstore_token: ${{ secrets.APPSTORE_TOKEN }} download_url: ${{ steps.attach_to_release.outputs.browser_download_url }} - app_private_key: ${{ secrets.APP_PRIVATE_KEY }} # zizmor: ignore[secrets-outside-env] + app_private_key: ${{ secrets.APP_PRIVATE_KEY }} diff --git a/workflow-templates/command-compile.yml b/workflow-templates/command-compile.yml index b3989ff6..ba5ea1f7 100644 --- a/workflow-templates/command-compile.yml +++ b/workflow-templates/command-compile.yml @@ -59,7 +59,7 @@ jobs: - name: Add reaction on start uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 with: - token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} comment-id: ${{ github.event.comment.id }} reactions: '+1' @@ -86,7 +86,7 @@ jobs: uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 if: failure() with: - token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} comment-id: ${{ github.event.comment.id }} reactions: '-1' @@ -107,7 +107,7 @@ jobs: with: # Needed to allow force push later persist-credentials: true - token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.COMMAND_BOT_PAT }} fetch-depth: 0 ref: ${{ needs.init.outputs.head_ref }} @@ -216,7 +216,7 @@ jobs: uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 if: failure() with: - token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} comment-id: ${{ github.event.comment.id }} reactions: '-1' diff --git a/workflow-templates/command-openapi.yml b/workflow-templates/command-openapi.yml index 97f4c69e..464bb33e 100644 --- a/workflow-templates/command-openapi.yml +++ b/workflow-templates/command-openapi.yml @@ -59,7 +59,7 @@ jobs: - name: Add reaction on start uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 with: - token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} comment-id: ${{ github.event.comment.id }} reactions: '+1' @@ -86,7 +86,7 @@ jobs: uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 if: failure() with: - token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} comment-id: ${{ github.event.comment.id }} reactions: '-1' @@ -107,7 +107,7 @@ jobs: with: # Needed to allow force push later persist-credentials: true - token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.COMMAND_BOT_PAT }} fetch-depth: 0 ref: ${{ needs.init.outputs.head_ref }} @@ -193,7 +193,7 @@ jobs: uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 if: failure() with: - token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} comment-id: ${{ github.event.comment.id }} reactions: '-1' diff --git a/workflow-templates/cypress.yml b/workflow-templates/cypress.yml index b67071a0..5dc0af2b 100644 --- a/workflow-templates/cypress.yml +++ b/workflow-templates/cypress.yml @@ -118,14 +118,14 @@ jobs: - name: Run ${{ matrix.containers == 'component' && 'component' || 'E2E' }} cypress tests uses: cypress-io/github-action@783cb3f07983868532cabaedaa1e6c00ff4786a8 # v7.1.9 with: - record: ${{ secrets.CYPRESS_RECORD_KEY && true }} # zizmor: ignore[secrets-outside-env] - parallel: ${{ secrets.CYPRESS_RECORD_KEY && true }} # zizmor: ignore[secrets-outside-env] + record: ${{ secrets.CYPRESS_RECORD_KEY && true }} + parallel: ${{ secrets.CYPRESS_RECORD_KEY && true }} # cypress run type component: ${{ matrix.containers == 'component' }} - group: ${{ secrets.CYPRESS_RECORD_KEY && env.CYPRESS_GROUP }} # zizmor: ignore[secrets-outside-env] + group: ${{ secrets.CYPRESS_RECORD_KEY && env.CYPRESS_GROUP }} # cypress env - ci-build-id: ${{ secrets.CYPRESS_RECORD_KEY && env.CYPRESS_BUILD_ID }} # zizmor: ignore[secrets-outside-env] - tag: ${{ secrets.CYPRESS_RECORD_KEY && github.event_name }} # zizmor: ignore[secrets-outside-env] + ci-build-id: ${{ secrets.CYPRESS_RECORD_KEY && env.CYPRESS_BUILD_ID }} + tag: ${{ secrets.CYPRESS_RECORD_KEY && github.event_name }} env: # Needs to be prefixed with CYPRESS_ CYPRESS_BRANCH: ${{ env.BRANCH }} @@ -134,7 +134,7 @@ jobs: # Needed for some specific code workarounds TESTING: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }} # zizmor: ignore[secrets-outside-env] + CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }} CYPRESS_BUILD_ID: ${{ github.sha }}-${{ github.run_number }} CYPRESS_GROUP: Run ${{ matrix.containers == 'component' && 'component' || 'E2E' }} diff --git a/workflow-templates/npm-audit-fix.yml b/workflow-templates/npm-audit-fix.yml index 3e274392..23bae52f 100644 --- a/workflow-templates/npm-audit-fix.yml +++ b/workflow-templates/npm-audit-fix.yml @@ -71,7 +71,7 @@ jobs: if: steps.checkout.outcome == 'success' uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: - token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: 'fix(deps): Fix npm audit' committer: GitHub author: nextcloud-command diff --git a/workflow-templates/rector-apply.yml b/workflow-templates/rector-apply.yml index 6b33ad7a..e356a7a5 100644 --- a/workflow-templates/rector-apply.yml +++ b/workflow-templates/rector-apply.yml @@ -56,7 +56,7 @@ jobs: - name: Create Pull Request uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: - token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: 'refactor: Apply rector changes' committer: GitHub author: nextcloud-command diff --git a/workflow-templates/sync-workflow-templates.yml b/workflow-templates/sync-workflow-templates.yml index c80d1944..8e99648a 100644 --- a/workflow-templates/sync-workflow-templates.yml +++ b/workflow-templates/sync-workflow-templates.yml @@ -122,7 +122,7 @@ jobs: - name: Create Pull Request uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: - token: ${{ secrets.COMMAND_BOT_WORKFLOWS }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.COMMAND_BOT_WORKFLOWS }} commit-message: 'ci(actions): Update workflow templates from organization template repository' committer: GitHub author: nextcloud-command diff --git a/workflow-templates/update-nextcloud-ocp-matrix.yml b/workflow-templates/update-nextcloud-ocp-matrix.yml index 276934c9..b8950bf9 100644 --- a/workflow-templates/update-nextcloud-ocp-matrix.yml +++ b/workflow-templates/update-nextcloud-ocp-matrix.yml @@ -90,7 +90,7 @@ jobs: - name: Create Pull Request uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: - token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: 'chore(dev-deps): Bump nextcloud/ocp package' committer: GitHub author: nextcloud-command diff --git a/workflow-templates/update-nextcloud-ocp.yml b/workflow-templates/update-nextcloud-ocp.yml index a3c0f23e..835f9561 100644 --- a/workflow-templates/update-nextcloud-ocp.yml +++ b/workflow-templates/update-nextcloud-ocp.yml @@ -99,7 +99,7 @@ jobs: if: steps.checkout.outcome == 'success' uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: - token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: 'chore(dev-deps): Bump nextcloud/ocp package' committer: GitHub author: nextcloud-command