Skip to content

Zizmor Updates #16

Merged
gcg merged 3 commits into
mainfrom
feature/zizmor
May 18, 2026
Merged

Zizmor Updates #16
gcg merged 3 commits into
mainfrom
feature/zizmor

Conversation

@gcg

@gcg gcg commented May 18, 2026

Copy link
Copy Markdown
Member

whats new

moved the js parts out of yaml, updated release yaml and introduced zizmor workflow. also updated action file according to zizmor warnings

@gcg gcg self-assigned this May 18, 2026
@gcg gcg requested review from a team, cantugdonmez, hionay and onurhanavci May 18, 2026 09:41
@github-advanced-security

github-advanced-security AI commented May 18, 2026

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 18, 2026
View reviewed changes

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This PR refactors the 'Pull Request Preview' action by pinning GitHub Actions to specific SHAs for security, improving environment variable handling in shell scripts to prevent injection, and moving the PR commenting logic into a separate JavaScript file. Feedback includes correcting misleading version comments for pinned actions, adding validation for the deployment URL, replacing the hardcoded bot ID with a more robust identification method, and adding safety checks for the PR payload to prevent runtime errors on non-PR events.

Comment thread action.yaml
Comment thread action.yaml
Comment thread comment-pr.js
Comment thread comment-pr.js
Comment thread comment-pr.js
@gcg gcg merged commit 3337f6a into main May 18, 2026
2 checks passed
@gcg gcg deleted the feature/zizmor branch May 18, 2026 10:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hionay hionay Awaiting requested review from hionay hionay was automatically assigned from Poltio/internals
@onurhanavci onurhanavci Awaiting requested review from onurhanavci onurhanavci was automatically assigned from Poltio/internals
@cantugdonmez cantugdonmez Awaiting requested review from cantugdonmez cantugdonmez was automatically assigned from Poltio/internals
1 more reviewer
@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments
Reviewers whose approvals may not affect merge requirements

Assignees

@gcg gcg

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gcg @github-advanced-security