From a148c197f8f9bb4370206979db46aec5b435549d Mon Sep 17 00:00:00 2001
From: javierzazo
Date: Wed, 17 Jun 2026 06:36:20 -0700
Subject: [PATCH] =?UTF-8?q?=F0=9F=92=9A=20ci:=20add=20zizmor?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.github/workflows/zizmor.yml | 28 ++++++++++++++++++++++++++++
CONTRIBUTING.md | 4 ++--
bin/check-all | 4 ++++
bin/check-all.jinja | 4 ++++
mkdocs.yml | 2 +-
mkdocs.yml.jinja | 2 +-
pyproject.toml | 12 +++++++++++-
pyproject.toml.jinja | 2 +-
uv.lock | 20 ++++++++++++++++++++
9 files changed, 72 insertions(+), 6 deletions(-)
create mode 100644 .github/workflows/zizmor.yml
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
new file mode 100644
index 0000000..c92be54
--- /dev/null
+++ b/.github/workflows/zizmor.yml
@@ -0,0 +1,28 @@
+name: zizmor GitHub Actions Analysis
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+ schedule:
+ - cron: "15 6 * * 1" # weekly Monday 06:15 UTC
+
+permissions:
+ contents: read
+
+jobs:
+ zizmor:
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write # Required for upload-sarif (used by zizmor-action) to upload SARIF files.
+ contents: read # Only needed for private repos. Needed to clone the repo.
+ actions: read # Only needed for private repos. Needed for upload-sarif to read workflow run info.
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ persist-credentials: false
+
+ - name: Run zizmor 🌈
+ uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 03b9ace..b1e1bc4 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
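Review bot: The `Run zizmor` step in `.github/workflows/zizmor.yml` passes no `with:` inputs, so the job's behaviour rests entirely on the action's defaults, and nothing in the workflow says what those are. As far as I can tell, the default mode uploads findings as SARIF to code scanning rather than failing the job, so a pull request that introduces findings could still show a green check unless a code-scanning ruleset blocks the merge; that is worth confirming against the action's documentation at this pin. The action also selects its own zizmor version, which may differ from the `1.25.2` locked in `uv.lock` and used by `bin/check-all`, so local and CI results can diverge. I would add a comment above the step such as `# Findings are reported to code scanning (SARIF); this job does not gate PRs on its own` and, if the action's `version` input is available at this pin, set it to the locked version.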
@@ -15,13 +15,13 @@ or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any addi ## :space_invader: Codespaces -We provide a configured devcontainer for you to use in your new project and/or msr-cookie-doh itself. +We provide a configured devcontainer for you to use in your new project and/or cookie-doh itself. You can create a container image with all the necessary dependencies, and use it for remote development in a remote node with [GitHub Codespaces](https://docs.github.com/en/codespaces). :point_right: Click below to clone or fork this repository automatically and start developing: -[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/msr-cambridge-uk/msr-cookie-doh) +[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/microsoft/cookie-doh) ## :gear: Devcontainer diff --git a/bin/check-all b/bin/check-all index b77143b..128c93b 100755 --- a/bin/check-all +++ b/bin/check-all @@ -19,6 +19,10 @@ echo echo "RUNNING CODESPELL" uv run codespell +echo +echo "RUNNING ZIZMOR" +uv run zizmor . + echo echo "RUNNING PYTEST AND COVERAGE" uv run coverage run -m pytest diff --git a/bin/check-all.jinja b/bin/check-all.jinja index 6c1be4c..95a7371 100755 --- a/bin/check-all.jinja +++ b/bin/check-all.jinja @@ -19,6 +19,10 @@ echo echo "RUNNING CODESPELL" uv run codespell +echo +echo "RUNNING ZIZMOR" +uv run zizmor . + echo echo "RUNNING PYTEST AND COVERAGE" uv run coverage run -m pytest diff --git a/mkdocs.yml b/mkdocs.yml index 9c4d053..9588e7e 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -112,6 +112,6 @@ markdown_extensions: # generic: true copyright: | - + extra: generator: false diff --git a/mkdocs.yml.jinja b/mkdocs.yml.jinja index 1a0980b..5a3f0c6 100644 --- a/mkdocs.yml.jinja +++ b/mkdocs.yml.jinja @@ -106,7 +106,7 @@ markdown_extensions: {% if microsoft_internal -%} copyright: | - + extra: generator: false {%- endif %} 
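Review bot: The added `uv run zizmor .` step in `bin/check-all` runs without a GitHub token unless `GH_TOKEN` happens to be set in the developer's shell, so locally it performs only zizmor's offline audits, while the CI workflow may also run the online ones; a clean local run therefore does not guarantee a clean CI run. A comment above the step would make that explicit, for example `# offline audits only unless GH_TOKEN is set; CI may report more`, or the call could pass `--offline` so that local behaviour does not depend on the environment. Whether a non-zero exit from zizmor stops the script depends on shell options set above the hunk, which are not visible here. The same applies to the identical hunk in `bin/check-all.jinja`.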
diff --git a/pyproject.toml b/pyproject.toml index c97a424..89e5372 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -9,7 +9,17 @@ readme = "README.md" dependencies = [] [dependency-groups] -dev = ["codespell", "coverage", "ipykernel", "jinja2", "ruff", "pyright", "pytest", "pytest-cov"] +dev = [ + "codespell", + "coverage", + "ipykernel", + "jinja2", + "ruff", + "pyright", + "pytest", + "pytest-cov", + "zizmor", +] docs = [ "mkdocs", "mkdocs-awesome-pages-plugin", diff --git a/pyproject.toml.jinja b/pyproject.toml.jinja index 7ff7a80..682494b 100644 --- a/pyproject.toml.jinja +++ b/pyproject.toml.jinja @@ -9,7 +9,7 @@ readme = "README.md" dependencies = [] # write here dependencies of your project [dependency-groups] -dev = ["codespell", "coverage", "ipykernel", "ruff", "pyright", "pytest", "pytest-cov"] +dev = ["codespell", "coverage", "ipykernel", "ruff", "pyright", "pytest", "pytest-cov", "zizmor"] {%- if documentation %} docs = [ "mkdocs", diff --git a/uv.lock b/uv.lock index ee20117..132b245 100644 --- a/uv.lock +++ b/uv.lock @@ -244,6 +244,7 @@ dev = [ { name = "pytest" }, { name = "pytest-cov" }, { name = "ruff" }, + { name = "zizmor" }, ] docs = [ { name = "mkdocs" }, @@ -268,6 +269,7 @@ dev = [ { name = "pytest" }, { name = "pytest-cov" }, { name = "ruff" }, + { name = "zizmor" }, ] docs = [ { name = "mkdocs" }, 
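Review bot: `zizmor` is added to the `dev` group with no version bound, in both `pyproject.toml` and `pyproject.toml.jinja`. The lockfile in this repository pins it, but a project generated from the template resolves whatever release is current, and since zizmor releases can add or change audits, `bin/check-all` may start failing there without any change to the project's workflows. A lower bound matching the version tested here, for example `"zizmor>=1.25.2"`, would at least record the baseline. The other entries in the group are unbounded too, so this may be a deliberate convention.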
@@ -1414,3 +1416,21 @@ sdist = { url = "https://files.pythonhosted.org/packages/49/b4/51fe890511f0f242d wheels = [ { url = "https://files.pythonhosted.org/packages/bd/6e/95b0e537de1f4d4301f76f944642c6da50d1511cc7b3d64dc418a66c7509/wcwidth-0.8.1-py3-none-any.whl", hash = "sha256:f453740b1e4a4f3291faa37944c555d71056c4da08d59809b307ef4feba695c8", size = 323092, upload-time = "2026-06-08T05:57:21.413Z" }, ] + +[[package]] +name = "zizmor" +version = "1.25.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/b3/41/8987d546e3101cc76748b2f1b0ccda58e244773ef5124d39e7e749e3d6e4/zizmor-1.25.2.tar.gz", hash = "sha256:f26ffeb16659c8922c7b08203ca5a4f8bf5e1a7e8d190734961c40877cf778ea", size = 517794, upload-time = "2026-05-16T06:28:43.816Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/dc/bd/84108a92ccbfda0d28efc11f382997c7a767b58863bf4a550634b8cf0211/zizmor-1.25.2-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:17cc8cfd9d472e8b11945a869c198d25cfdf4a33f36fa7a1f9674099f5fb509d", size = 9115548, upload-time = "2026-05-16T06:28:33.591Z" }, + { url = "https://files.pythonhosted.org/packages/c2/c0/66453a2553a66286a96ca32d75e3e6bcc94ce7f907cd5f8c2c3fce55315e/zizmor-1.25.2-py3-none-macosx_11_0_arm64.whl", hash = "sha256:d3e301eb4465e2da77857cf01ab4ef0184cf3818e826800b270ab01ae7338977", size = 8665071, upload-time = "2026-05-16T06:28:30.861Z" }, + { url = "https://files.pythonhosted.org/packages/52/3e/d60939d1cc4907c0d021a7c46362aab5e8045550bb09157d56c070e43568/zizmor-1.25.2-py3-none-manylinux_2_24_aarch64.whl", hash = "sha256:cf64374149b567c9373228b76c8e77a389b4071899f84b82c36ee50fab894e79", size = 8842884, upload-time = "2026-05-16T06:28:26.041Z" }, + { url = "https://files.pythonhosted.org/packages/46/82/f3e8d9b6d941194f2558591b449c106d46a16ea566b95eccff3a83bf6acc/zizmor-1.25.2-py3-none-manylinux_2_28_armv7l.whl", hash = "sha256:0beba1601be08bd00c9277e6ed4b026e125b26b379d86d6d98eb708409b3050d", size = 
8449741, upload-time = "2026-05-16T06:28:45.424Z" }, + { url = "https://files.pythonhosted.org/packages/4b/13/445bc98acc2c976d6b8f8ca59b9c09f055adb5ffb3445d99af8ff7efcb4f/zizmor-1.25.2-py3-none-manylinux_2_28_x86_64.whl", hash = "sha256:c4246f1344d8dbeffc044d7bb11b131773a7db7eb57d9073c45942dfd3543a1f", size = 9285184, upload-time = "2026-05-16T06:28:39.21Z" }, + { url = "https://files.pythonhosted.org/packages/cf/78/fc7717c706bde7531b2fde12003994fbc04c47ab4f91aa6ca9b3b24b30fd/zizmor-1.25.2-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:dbb1b5c85b8de8eaa0227c6620f06c8e4fbd0a4da2086e218bc225c0bef0923d", size = 8886579, upload-time = "2026-05-16T06:28:51.384Z" }, + { url = "https://files.pythonhosted.org/packages/ca/bc/a46f11377cdc145c625d62d88c30fead56f9d29bc31652069a1a0eaed6c2/zizmor-1.25.2-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:d670a1e2f00b3cd56febd145bc1a0b2c4caf1cbe5dad8128721843fa877e2d2e", size = 8413576, upload-time = "2026-05-16T06:28:36.376Z" }, + { url = "https://files.pythonhosted.org/packages/2b/3b/0fd93b77171c8f229e8e1304eecc9931bf3009f722c57967d545d9f151b6/zizmor-1.25.2-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:b75c84d7387389f95edadbe859fb2aaf0a360c5b080932cc53e92ae1db6f09ef", size = 9378162, upload-time = "2026-05-16T06:28:41.999Z" }, + { url = "https://files.pythonhosted.org/packages/b5/3f/dcb85fb9a0d87794847f9043f9db9bb4d274cf4b8077604bc13850c8fdb4/zizmor-1.25.2-py3-none-win32.whl", hash = "sha256:aa9f4c43b499c55339c3ef2e885133c5017cd9a18d76d9335541203cfa5ae1e7", size = 7548509, upload-time = "2026-05-16T06:28:28.828Z" }, + { url = "https://files.pythonhosted.org/packages/d2/81/1cb088098bd53f9b910098b0c19d06dc587acf328a170ef8afd1cd93b482/zizmor-1.25.2-py3-none-win_amd64.whl", hash = "sha256:af55bd9bd119ea8cbce2a7addc3922503019de32c1fe31106d70b3dc77d77908", size = 8609822, upload-time = "2026-05-16T06:28:48.078Z" }, +]