
Commit 1464236

committed
Resolve zizmor pedantic findings in workflows
1 parent a46006b commit 1464236

4 files changed

Lines changed: 18 additions & 9 deletions


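--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,9 +6,13 @@ updates:
 interval: monthly
 labels:
 - "Dependencies"
+cooldown:
+default-days: 1
 - package-ecosystem: uv
 directory: /
 schedule:
 interval: monthly
 labels:
 - "Dependencies"
+cooldown:
+default-days: 1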
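Review bot: `default-days: 1` in both added `cooldown:` blocks is a very short quarantine: a release only has to be one day old before Dependabot proposes it, which leaves little time for a compromised or broken upload to be reported and yanked. With a monthly schedule a longer window costs almost nothing, for example `default-days: 7`. The first `updates:` entry starts above the hunk, so its ecosystem is not visible here; the same consideration applies to the `uv` entry.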

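--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -4,7 +4,7 @@ concurrency:
 jobs:
 ci:
 name: CI
-uses: praw-dev/.github/.github/workflows/ci.yml@aa63811572338b6343772c542574909f1cbd8d78 # v1.5.0
+uses: praw-dev/.github/.github/workflows/ci.yml@ec3a733628adc5bd596def5294dae9fb4eb1e501 # v1.6.0
 with:
 min_python: "3.10"
 python_versions: '["3.10", "3.11", "3.12", "3.13", "3.14"]'
@@ -14,4 +14,5 @@ on:
 push:
 branches: ["main"]
 pull_request:
-permissions: read-all
+permissions:
+contents: read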
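Review bot: The workflow-level `permissions:` block in the second hunk now grants only `contents: read`, and a called reusable workflow cannot receive more than its caller holds, so every other scope that `read-all` used to supply is now `none` for `praw-dev/.github/.github/workflows/ci.yml`. That workflow is not visible here; if any of its jobs reads another scope (checks, pull requests, actions) it will start failing with a permission error, so its v1.6.0 job permissions should be checked against this cap. A short comment would record the intent, for example `# caps the token for the called workflow; it needs nothing beyond repository read`.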

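--- a/.github/workflows/pypi.yml
+++ b/.github/workflows/pypi.yml
@@ -1,9 +1,12 @@
+concurrency:
+group: pypi-${{ github.ref }}
+cancel-in-progress: false
 jobs:
 pypi-publish:
 environment: release
 name: Upload release to PyPI
 permissions:
-id-token: write
+id-token: write # required for PyPI trusted publishing
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3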
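Review bot: `cancel-in-progress: false` in the added `concurrency:` block is a deliberate choice that deserves the same kind of why-comment the commit gives `id-token: write`, since cancelling a publish part-way can leave a release with only some of its files uploaded. Something like `cancel-in-progress: false # never interrupt an upload that has started` would do. The `on:` triggers are outside the hunk, so whether the `github.ref` key can ever group two different releases cannot be told from here.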

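--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -13,17 +13,18 @@ on:
 - cron: '36 1 * * 3'
 push:
 branches: [ "main" ]
-# Declare default permissions as read only.
-permissions: read-all
+concurrency:
+group: scorecard-${{ github.ref }}
+cancel-in-progress: true
+# No workflow-level permissions; the analysis job grants its own.
+permissions: {}
 jobs:
 analysis:
 name: Scorecard analysis
 runs-on: ubuntu-latest
 permissions:
-# Needed to upload the results to code-scanning dashboard.
-security-events: write
-# Needed to publish results and get a badge (see publish_results below).
-id-token: write
+security-events: write # upload results to the code-scanning dashboard
+id-token: write # publish results and get a badge (see publish_results below)
 # Uncomment the permissions below if installing in a private repository.
 # contents: read
 # actions: read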
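Review bot: The added `concurrency:` group is keyed only on `github.ref`, so the weekly cron run and a push to `main` share one group, and with `cancel-in-progress: true` a push that lands mid-analysis cancels the scheduled run before it uploads results. The superseding push run performs the same analysis, so the impact looks low, but the behaviour is worth stating next to the key, for example `# a newer run on the same ref supersedes the older one; results come from the latest run`. Any further triggers under `on:` start above the hunk and would join the same group if they run on `main`.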
