From 60974ec555b6093ce19e9960964c648ffaf51c58 Mon Sep 17 00:00:00 2001 From: Adam Dangoor Date: Tue, 10 Mar 2026 10:01:55 +0000 Subject: [PATCH 1/2] Fix zizmor lint: upgrade to 1.23.1, disable superfluous-actions and secrets-outside-env Made-with: Cursor --- pyproject.toml | 2 +- zizmor.yml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 9404214e6..c5a8dcfda 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -108,7 +108,7 @@ optional-dependencies.dev = [ "vws-test-fixtures==2023.3.5", "vws-web-tools==2026.2.22.1", "yamlfix==1.19.1", - "zizmor==1.22.0", + "zizmor==1.23.1", ] optional-dependencies.release = [ "check-wheel-contents==0.6.3" ] urls.Documentation = "https://vws-python.github.io/vws-python-mock/" diff --git a/zizmor.yml b/zizmor.yml index f63e179d2..11bb67ff5 100644 --- a/zizmor.yml +++ b/zizmor.yml @@ -8,5 +8,9 @@ rules: disable: true dependabot-cooldown: disable: true + superfluous-actions: + disable: true + secrets-outside-env: + disable: true template-injection: disable: true From 173fade0c212901d06c48d211953f449c525368a Mon Sep 17 00:00:00 2001 From: Adam Dangoor Date: Tue, 10 Mar 2026 10:10:28 +0000 Subject: [PATCH 2/2] Remove secrets-outside-env disable, add environment to jobs that use secrets Made-with: Cursor --- .github/workflows/release.yml | 2 ++ .github/workflows/test.yml | 1 + zizmor.yml | 2 -- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 78d5770d7..a40c0e90d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,6 +7,7 @@ jobs: release: name: Create release runs-on: ubuntu-latest + environment: release permissions: # This is needed for https://github.com/stefanzweifel/git-auto-commit-action. @@ -138,6 +139,7 @@ jobs: name: Publish Docker images needs: release runs-on: ubuntu-latest + environment: dockerhub permissions: {} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index bcec038c2..20dcdbe41 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -22,6 +22,7 @@ jobs: # CI tests with matrix ci-tests: runs-on: ubuntu-latest + environment: vuforia strategy: fail-fast: false matrix: diff --git a/zizmor.yml b/zizmor.yml index 11bb67ff5..fab119cb0 100644 --- a/zizmor.yml +++ b/zizmor.yml @@ -10,7 +10,5 @@ rules: disable: true superfluous-actions: disable: true - secrets-outside-env: - disable: true template-injection: disable: true