Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: more safe ci using zizmor #859

Merged
merged 1 commit into from
Feb 11, 2025
Merged

ci: more safe ci using zizmor #859

merged 1 commit into from
Feb 11, 2025

Conversation

yihong0618
Copy link
Contributor

What's changed and what's your intention?

Please explain IN DETAIL what the changes are in this PR and why they are needed. :D

As more and more attackers using GitHub Actions to steal the token or attack other users such as Mining Scripts

this patch fix more of them

zizmor: https://woodruffw.github.io/zizmor/

more can check issue one-api or https://www.praetorian.com/blog/compromising-bytedances-rspack-github-actions-vulnerabilities/
we can use static check to avoid them as we can.

e.g.:

astral-sh/ruff#14844

same request for opendal apache/opendal#5502

Checklist

  • I have written the necessary rustdoc comments
  • I have added the necessary unit tests and integration tests
  • I have passed make all (or make fast instead if the old tests are not modified) in my local environment.

Related issues or PRs (optional)

@yihong0618
ci: more safe ci using zizmor
11f9b33 
Signed-off-by: yihong0618 <zouzou0208@gmail.com>
MrCroxx
MrCroxx approved these changes Feb 11, 2025
View reviewed changes
Copy link
Collaborator

@MrCroxx MrCroxx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thank you for your contribution, @yihong0618 🥰

And thank you for letting me know zizmor. The tool looks great.

Let me check if there is some way to include zizmor in CI, instead of checking it locally everytime when updating the CI workflow.

@MrCroxx
Copy link
Collaborator

MrCroxx commented Feb 11, 2025

Please don't mind the failing CI on arm instances. It is a bug from the Github side. I'll rerun the failed test on arm instances.

There is a link to the issue. Please check if you want to learn about it. 🙏 actions/partner-runner-images#47

@MrCroxx MrCroxx added the test label Feb 11, 2025
@MrCroxx MrCroxx added this to the v0.14 milestone Feb 11, 2025
@codecov Codecov
Copy link

codecov bot commented Feb 11, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

see 2 files with indirect coverage changes

@yihong0618
Copy link
Contributor Author

Please don't mind the failing CI on arm instances. It is a bug from the Github side. I'll rerun the failed test on arm instances.

There is a link to the issue. Please check if you want to learn about it. 🙏 actions/partner-runner-images#47

copy that, thanks

@MrCroxx MrCroxx mentioned this pull request Feb 11, 2025
Open
@MrCroxx MrCroxx enabled auto-merge (squash) February 11, 2025 16:28
@MrCroxx MrCroxx merged commit 26a7e88 into foyer-rs:main Feb 11, 2025
32 of 33 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MrCroxx MrCroxx MrCroxx approved these changes

Assignees
No one assigned
Labels
test
Projects
foyer - Development Roadmap
Status: Done
Milestone
v0.14
Development

Successfully merging this pull request may close these issues.
2 participants
@yihong0618 @MrCroxx