Skip to content

chore(actions): address zizmor findings#13615

Open
g-husam wants to merge 5 commits into
mainfrom
zizmor-cleanup
Open

chore(actions): address zizmor findings#13615
g-husam wants to merge 5 commits into
mainfrom
zizmor-cleanup

Conversation

@g-husam

@g-husam g-husam commented Jul 1, 2026

Copy link
Copy Markdown

This PR is an auto-generated attempt to address zizmor findings. It may not catch everything, and should be reviewed by repository owners.

These changes were generated by running zizmor --fix=all --gh-token=$(gh auth token) ./.github/workflows, and then applying some fixes for any remaining issues reported by zizmor. See go/github-zizmor-help for instructions to install and run.

Additionally, it updates renovate configuration (if present) to extend best-practices, which includes pinning action digests and image digests, among other things.

If this PR is unhelpful, feel free to close the PR and address separately. If it is helpful, feel free to approve and merge, or edit/modify as needed to get it to the right state. Repository owners must ultimately ensure compliance by 2026-07-13. The purpose of this PR is to provide some assistance with achieving that as a first pass. This will become a blocking check for new changes to github workflows on 2026-07-13 within the googleapis org.

There may be some ignored findings (with the comment # zizmor: ignore[...]), which you may fix if feasible.

@gemini-code-assist

Copy link
Copy Markdown
Contributor

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

@g-husam g-husam marked this pull request as ready for review July 1, 2026 04:30
@g-husam g-husam requested review from a team as code owners July 1, 2026 04:30
@blakeli0

blakeli0 commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@g-husam Please resolve the merge conflict.

g-husam added 5 commits July 1, 2026 20:19
This PR is an auto-generated attempt to address zizmor findings. It may not catch everything, and should be reviewed by repository owners. If it is unhelpful, feel free to close the PR and address separately.

This PR was generated by running `zizmor --fix=all --gh-token=$(gh auth token) ./.github/workflows`. See go/github-zizmor-help for instructions to install and run.

If this PR is helpful, feel free to approve and merge, or edit/modify as needed to get it to the right state. Repository owners must ultimately ensure compliance by 2026-07-13. The purpose of this PR is to provide some assistance with achieving that as a first pass. This will become a blocking check for new changes to github workflows on 2026-07-13 within the `googleapis` org.

There may be some ignored findings (with the comment `# zizmor: ignore[...]`), which you may fix if feasible.
@sonarqubecloud

sonarqubecloud Bot commented Jul 1, 2026

Copy link
Copy Markdown

@sonarqubecloud

sonarqubecloud Bot commented Jul 1, 2026

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants