Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/cargo-audit.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@
contents: read
issues: write
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- name: Install Rust toolchain (1.89, satisfies cargo-audit's smol_str transitive dep)
uses: dtolnay/rust-toolchain@1.89.0
- name: Install cargo-audit (locked, avoids transitive MSRV churn)
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/ci-rust.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
name: Check CLI
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- name: Install Linux deps for keyring
run: |
sudo apt-get update
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/cli-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
name: Create GitHub release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- uses: taiki-e/create-gh-release-action@v1
with:
prefix: cli
Expand Down Expand Up @@ -55,7 +55,7 @@
tool: cargo
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- name: Install Linux deps for keyring (native builds only — cross uses Cross.toml)
if: runner.os == 'Linux' && matrix.tool == 'cargo'
run: |
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@
- language: actions
build-mode: none
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/e2e.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false

- name: Check Go project presence
id: gate
Expand Down Expand Up @@ -55,7 +55,7 @@
if: steps.gate.outputs.has_go == 'true'
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
with:
version: v3.21.0
version: v4.2.2

- name: Download dependencies
if: steps.gate.outputs.has_go == 'true'
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
if: github.event_name == 'workflow_dispatch' || contains(github.ref_name, '.')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)
with:
fetch-depth: 0
persist-credentials: false
Expand Down Expand Up @@ -53,7 +53,7 @@
password: ${{ secrets.GITHUB_TOKEN }}
- uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
with:
version: v3.21.0
version: v4.2.2
- name: Log in to GHCR for helm push
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/scorecard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@

steps:
- name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)
with:
persist-credentials: false

Expand Down
Loading