Skip to content

Commit ae64e0d

Browse files
zsolzsol
authored
ci: fix zizmor warnings (#1347)
1 parent 1e67a9b commit ae64e0d

4 files changed

Lines changed: 10 additions & 6 deletions

File tree

.github/workflows/build.yml

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -30,10 +30,8 @@ jobs:
3030
persist-credentials: false
3131
- uses: actions/setup-python@v5
3232
with:
33-
cache: pip
34-
cache-dependency-path: "pyproject.toml"
3533
python-version: "3.12"
36-
- uses: dtolnay/rust-toolchain@stable # zizmor: ignore[unpinned-uses]
34+
- uses: dtolnay/rust-toolchain@stable
3735
- name: Set MACOSX_DEPLOYMENT_TARGET for Intel MacOS
3836
if: matrix.os == 'macos-13'
3937
run: >-

.github/workflows/ci.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,8 @@ on:
66
- main
77
pull_request:
88

9+
permissions: {}
10+
911
jobs:
1012
test:
1113
runs-on: ${{ matrix.os }}

.github/workflows/pypi_upload.yml

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -32,19 +32,18 @@ jobs:
3232
merge-multiple: true
3333
- uses: actions/setup-python@v5
3434
with:
35-
cache: pip
36-
cache-dependency-path: "pyproject.toml"
3735
python-version: "3.10"
3836
- name: Install hatch
3937
run: pip install -U hatch
4038
- name: Build a source tarball
4139
env:
4240
LIBCST_NO_LOCAL_SCHEME: 1
41+
OUTDIR: ${{ steps.download.outputs.download-path }}
4342
run: >-
4443
hatch run python -m
4544
build
4645
--sdist
47-
--outdir ${{ steps.download.outputs.download-path }}
46+
--outdir "$OUTDIR"
4847
- name: Publish distribution 📦 to Test PyPI
4948
if: github.event_name == 'push'
5049
uses: pypa/gh-action-pypi-publish@release/v1

zizmor.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
rules:
2+
unpinned-uses:
3+
config:
4+
policies:
5+
"*": ref-pin

0 commit comments

Comments
 (0)