
Commit c26b5f9

authored
Add zizmor security linter (#468)
1 parent 41caa24 commit c26b5f9

6 files changed

Lines changed: 37 additions & 25 deletions


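--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -53,6 +53,8 @@ jobs:
 experimental: false
 steps:
 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+with:
+persist-credentials: false
 - name: Set up Python ${{ matrix.python }}
 uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
 if: "!endsWith(matrix.python, '-dev')"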
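Review bot: The `persist-credentials: false` setting added to the checkout step carries no comment saying why it is there, and the same two lines are added uncommented in mypy.yml and publish.yml. A one-line comment such as `# keep the job token out of .git/config so later steps and uploaded artifacts cannot pick it up` would stop the setting from being dropped in a later cleanup. The steps of this job continue outside the hunk, so it is worth confirming that none of them relies on an authenticated git operation after checkout.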

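--- a/.github/workflows/mypy.yml
+++ b/.github/workflows/mypy.yml
@@ -15,6 +15,8 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+with:
+persist-credentials: false
 - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
 with:
 cache: "pip"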

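--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -16,12 +16,12 @@ jobs:
 
 steps:
 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+with:
+persist-credentials: false
 - name: Set up Python
 uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
 with:
 python-version: '3.x'
-cache: pip
-cache-dependency-path: pyproject.toml
 - name: Install dependencies
 run: |
 python -m pip install --upgrade build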
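Review bot: Nothing in the new setup-python step records why `cache: pip` and `cache-dependency-path` were dropped from the publishing job, so the cache is likely to be re-added later as a speed-up. Presumably the removal answers zizmor's cache-poisoning audit; a comment above `python-version` such as `# No pip cache in the release job: a restored cache could carry content written by another workflow run` would make that intent durable. The following `python -m pip install --upgrade build` step still installs an unpinned package into the job that builds the release, so pinning it is worth a follow-up. The `run: |` block continues outside the section.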

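--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,7 +1,7 @@
 exclude: ^pyperformance/data-files/
 repos:
 - repo: https://github.com/astral-sh/ruff-pre-commit
-rev: v0.13.1
+rev: v0.15.11
 hooks:
 - id: ruff-check
 name: Run Ruff (lint)
@@ -10,12 +10,33 @@ repos:
 name: Run Ruff (format)
 args: [--exit-non-zero-on-fix]
 
+- repo: https://github.com/python-jsonschema/check-jsonschema
+rev: 0.37.1
+hooks:
+- id: check-dependabot
+- id: check-github-workflows
+
+- repo: https://github.com/rhysd/actionlint
+rev: v1.7.12
+hooks:
+- id: actionlint
+
+- repo: https://github.com/zizmorcore/zizmor-pre-commit
+rev: v1.23.1
+hooks:
+- id: zizmor
+
 - repo: https://github.com/tox-dev/pyproject-fmt
-rev: v2.6.0
+rev: v2.21.1
 hooks:
 - id: pyproject-fmt
 
 - repo: https://github.com/abravalheri/validate-pyproject
-rev: v0.24.1
+rev: v0.25
 hooks:
 - id: validate-pyproject
+
+- repo: meta
+hooks:
+- id: check-hooks-apply
+- id: check-useless-excludes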
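Review bot: The three new hook repos (check-jsonschema, actionlint, zizmor-pre-commit) are pinned by tag in `rev:`, while the workflows in this same commit pin their actions to full commit SHAs. A tag can be moved upstream, and these hooks execute code on contributor machines and wherever pre-commit runs in CI. Consider pinning to the commit hash with the tag kept as a comment, in the form `rev: <commit-sha>  # frozen: v1.23.1`, which `pre-commit autoupdate --freeze` writes for you. The existing ruff, pyproject-fmt and validate-pyproject entries use the same tag convention, so this could be done for the whole file at once.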

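--- a/pyperformance/tests/data/bm_local_wheel/pyproject.toml
+++ b/pyperformance/tests/data/bm_local_wheel/pyproject.toml
@@ -1,7 +1,6 @@
 [project]
 name = "pyperformance-bm-local-wheel"
 version = "1.0"
-
 requires-python = ">=3.7"
 classifiers = [
 "Programming Language :: Python :: 3 :: Only",
@@ -12,6 +11,7 @@ classifiers = [
 "Programming Language :: Python :: 3.11",
 "Programming Language :: Python :: 3.12",
 "Programming Language :: Python :: 3.13",
+"Programming Language :: Python :: 3.14",
 ]
 dependencies = [ "pyperf" ]
 urls = { repository = "https://github.com/python/pyperformance" }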

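--- a/pyproject.toml
+++ b/pyproject.toml
@@ -36,10 +36,8 @@
 # - set version to n+1: pyperformance/__init__.py and doc/conf.py
 # - git commit -a -m "post-release"
 # - git push
-
 [build-system]
 build-backend = "setuptools.build_meta"
-
 requires = [ "setuptools>=61" ]
 
 [project]
@@ -69,7 +67,6 @@ dependencies = [
 "pyperf",
 "tomli; python_version<'3.11'",
 ]
-
 optional-dependencies.dev = [
 "mypy==1.20.2",
 "tomli", # Needed even on 3.11+ for typechecking with mypy
@@ -80,22 +77,15 @@ scripts.pyperformance = "pyperformance.cli:main"
 
 [tool.setuptools]
 include-package-data = true
-
-[tool.setuptools.packages]
-find = {} # Scanning implicit namespaces is active by default
-
-[tool.setuptools.dynamic]
-version = { attr = "pyperformance.__version__" }
+dynamic.version = { attr = "pyperformance.__version__" }
+packages.find = {} # Scanning implicit namespaces is active by default
 
 [tool.ruff]
 target-version = "py310"
-
 exclude = [
 "pyperformance/data-files/",
 ]
-
 fix = true
-
 lint.select = [
 "E", # pycodestyle errors
 "F", # pyflakes errors
@@ -121,13 +111,10 @@ warn_redundant_casts = true
 warn_unused_ignores = true
 warn_unused_configs = true
 files = [
-'pyperformance/',
+"pyperformance/",
 ]
 exclude = [
-'pyperformance/data-files/',
-'pyperformance/tests/',
+"pyperformance/data-files/",
+"pyperformance/tests/",
 ]
-
-[[tool.mypy.overrides]]
-module = "pyperf"
-ignore_missing_imports = true
+overrides = [ { module = "pyperf", ignore_missing_imports = true } ]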
