fix(ci): resolve all zizmor findings and add zizmor pre-commit checks#257
Conversation
gforsyth
added
improvement
jakirkham
left a comment
jakirkham
left a comment
There was a problem hiding this comment.
Thanks Gil! 🙏
Had one nit below. Otherwise LGTM
| NEXT_PATCH_VERSION=$(echo "${LAST_TAG}" | awk -F. -v OFS=. '{$NF += 1 ; print}') | ||
| echo "NEXT_PATCH_VERSION=${NEXT_PATCH_VERSION}" >> "${GITHUB_ENV}" | ||
| - name: Release | ||
| uses: softprops/action-gh-release@v1 | ||
| with: | ||
| files: ${{ env.RELEASE_FILE_NAME }} | ||
| tag_name: ${{ env.NEXT_PATCH_VERSION }} | ||
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| run: | | ||
| gh release create "${NEXT_PATCH_VERSION}" "${RELEASE_FILE_NAME}" \ | ||
| --target "${GITHUB_SHA}" \ | ||
| --title "${NEXT_PATCH_VERSION}" \ | ||
| --notes "" |
There was a problem hiding this comment.
This gets rid of a third-party action in favor of gh functionality -- it will require a merge (of this PR) to test that the release happens as expected.
There was a problem hiding this comment.
Thanks Gil! 🙏
Agree this is a nice improvement
Do we need any other permissions for this to work?
There was a problem hiding this comment.
I think github.token is sufficient? But we'll find out!
Co-authored-by: jakirkham <jakirkham@gmail.com>
jameslamb
left a comment
jameslamb
left a comment
There was a problem hiding this comment.
Very happy to see one less third-party action dependency!
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| run: | | ||
| gh release create "${NEXT_PATCH_VERSION}" "${RELEASE_FILE_NAME}" \ | ||
| --target "${GITHUB_SHA}" \ | ||
| --title "${NEXT_PATCH_VERSION}" \ | ||
| --notes "" |
There was a problem hiding this comment.
Nice! Yeah if this gh CLI call does the same thing as that third-party action, it's definitely preferable.
|
Ok, going to merge this, then make sure that a new release gets cut |
|
/merge |
|
BOOM: https://github.com/rapidsai/gha-tools/releases/tag/v0.0.201 (that's the good kind of |
3 participants
Similar to upstream changes in
shared-workflows, this PR cleans up and annotates all of the workflows and adds thezizmorlinter to make sure changes are checked.Part of rapidsai/build-planning#275