
Commit 7d601b5

Merge pull request #329 from praw-dev/zizmor-pedantic
Resolve zizmor pedantic workflow findings
2 parents a46006b + 6bd0630 commit 7d601b5

8 files changed

Lines changed: 22 additions & 13 deletions


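--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,9 +6,13 @@ updates:
 interval: monthly
 labels:
 - "Dependencies"
+cooldown:
+default-days: 1
 - package-ecosystem: uv
 directory: /
 schedule:
 interval: monthly
 labels:
 - "Dependencies"
+cooldown:
+default-days: 1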
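Review bot: The `default-days: 1` cooldown added to both update entries (new lines 9-10 and 17-18) leaves only one day between a release being published and Dependabot proposing it, which is a thin margin for a compromised or broken release to be noticed and withdrawn upstream. With `interval: monthly` a longer window costs almost nothing, so I would use `default-days: 7` in both entries. Cooldown does not apply to Dependabot security updates, so a longer value does not slow down vulnerability fixes. The first entry's `package-ecosystem` line is above the hunk, so whether that ecosystem honours the setting cannot be checked from here.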

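--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -4,7 +4,7 @@ concurrency:
 jobs:
 ci:
 name: CI
-uses: praw-dev/.github/.github/workflows/ci.yml@aa63811572338b6343772c542574909f1cbd8d78 # v1.5.0
+uses: praw-dev/.github/.github/workflows/ci.yml@ec3a733628adc5bd596def5294dae9fb4eb1e501 # v1.6.0
 with:
 min_python: "3.10"
 python_versions: '["3.10", "3.11", "3.12", "3.13", "3.14"]'
@@ -14,4 +14,5 @@ on:
 push:
 branches: ["main"]
 pull_request:
-permissions: read-all
+permissions:
+contents: read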
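Review bot: The narrowed `permissions:` block at new lines 17-18 has no reason comment, unlike the matching line in lint.yml in this commit; I would write `contents: read # required to check out the repository` here as well. Because the `ci` job calls a reusable workflow, this block is also the ceiling for every job inside the called `praw-dev/.github` ci.yml, and a job there that requests any scope beyond `contents: read` is rejected when the run starts. The called workflow is not visible on this page, so that is worth confirming against v1.6.0. lint.yml and tag_release.yml appear to declare permissions on the job itself, and doing the same here would keep the grant next to the `uses:` line it governs.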

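--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -6,7 +6,7 @@ jobs:
 name: Lint workflows
 permissions:
 contents: read # required to check out the repository
-uses: praw-dev/.github/.github/workflows/lint.yml@aa63811572338b6343772c542574909f1cbd8d78 # v1.5.0
+uses: praw-dev/.github/.github/workflows/lint.yml@ec3a733628adc5bd596def5294dae9fb4eb1e501 # v1.6.0
 name: Lint workflows
 on:
 pull_request: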

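--- a/.github/workflows/pre-commit_autoupdate.yml
+++ b/.github/workflows/pre-commit_autoupdate.yml
@@ -4,7 +4,7 @@ jobs:
 secrets:
 APP_ID: ${{ secrets.APP_ID }}
 APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
-uses: praw-dev/.github/.github/workflows/pre-commit_autoupdate.yml@aa63811572338b6343772c542574909f1cbd8d78 # v1.5.0
+uses: praw-dev/.github/.github/workflows/pre-commit_autoupdate.yml@ec3a733628adc5bd596def5294dae9fb4eb1e501 # v1.6.0
 name: Update pre-commit hooks
 on:
 schedule: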

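--- a/.github/workflows/prepare_release.yml
+++ b/.github/workflows/prepare_release.yml
@@ -4,7 +4,7 @@ jobs:
 secrets:
 APP_ID: ${{ secrets.APP_ID }}
 APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
-uses: praw-dev/.github/.github/workflows/prepare_release.yml@aa63811572338b6343772c542574909f1cbd8d78 # v1.5.0
+uses: praw-dev/.github/.github/workflows/prepare_release.yml@ec3a733628adc5bd596def5294dae9fb4eb1e501 # v1.6.0
 with:
 package: prawcore
 version: ${{ inputs.version }}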

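--- a/.github/workflows/pypi.yml
+++ b/.github/workflows/pypi.yml
@@ -1,9 +1,12 @@
+concurrency:
+group: pypi-${{ github.ref }}
+cancel-in-progress: false
 jobs:
 pypi-publish:
 environment: release
 name: Upload release to PyPI
 permissions:
-id-token: write
+id-token: write # required for PyPI trusted publishing
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3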
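Review bot: The new `group: pypi-${{ github.ref }}` at line 2 gives every ref its own concurrency group, so it serialises only repeated runs for the same ref; runs started from two different refs can still upload at the same time. If the intent is one PyPI upload at a time, a fixed name such as `group: pypi` does that. The workflow's `on:` trigger is outside the hunk, so which refs reach this job cannot be seen here. A short comment would also record why cancellation is off, for example `cancel-in-progress: false # never interrupt an upload that has started`.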

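--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -13,17 +13,18 @@ on:
 - cron: '36 1 * * 3'
 push:
 branches: [ "main" ]
-# Declare default permissions as read only.
-permissions: read-all
+concurrency:
+group: scorecard-${{ github.ref }}
+cancel-in-progress: true
+# No workflow-level permissions; the analysis job grants its own.
+permissions: {}
 jobs:
 analysis:
 name: Scorecard analysis
 runs-on: ubuntu-latest
 permissions:
-# Needed to upload the results to code-scanning dashboard.
-security-events: write
-# Needed to publish results and get a badge (see publish_results below).
-id-token: write
+security-events: write # upload results to the code-scanning dashboard
+id-token: write # publish results and get a badge (see publish_results below)
 # Uncomment the permissions below if installing in a private repository.
 # contents: read
 # actions: read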
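Review bot: The two inline comments at new lines 26-27 drop the "Needed to" wording of the comments they replace and do not pick up the "required" wording used by the other permission comments in this commit (`# required for PyPI trusted publishing`, `# required to push the release tag`). That makes it less obvious that both write scopes are mandatory for the job. I would write `security-events: write # required to upload results to the code-scanning dashboard` and `id-token: write # required to publish results and get a badge (see publish_results below)`. The `analysis` job continues below the hunk, so the `publish_results` setting the comment points to is not visible here.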

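--- a/.github/workflows/tag_release.yml
+++ b/.github/workflows/tag_release.yml
@@ -3,7 +3,7 @@ jobs:
 name: Tag Release
 permissions:
 contents: write # required to push the release tag
-uses: praw-dev/.github/.github/workflows/tag_release.yml@aa63811572338b6343772c542574909f1cbd8d78 # v1.5.0
+uses: praw-dev/.github/.github/workflows/tag_release.yml@ec3a733628adc5bd596def5294dae9fb4eb1e501 # v1.6.0
 name: Tag Release
 on:
 push: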
