Skip to content

Fix security-related issues in github actions flagged by zizmor#21

Merged
godlygeek merged 1 commit into
bloomberg:mainfrom
peytondmurray:18-harden-gh-actions
May 29, 2026
Merged

Fix security-related issues in github actions flagged by zizmor#21
godlygeek merged 1 commit into
bloomberg:mainfrom
peytondmurray:18-harden-gh-actions

Conversation

@peytondmurray
Copy link
Copy Markdown
Contributor

@peytondmurray peytondmurray commented May 18, 2026

Issue number of the reported bug or feature request:
Closes #18.

Describe your changes
This PR resolves security-related issues with the github actions flagged by zizmor, and adds zizmor as a github action to ensure we don't introduce new security vulnerabilities in the future.

I also removed the PYTHON=... in the make lint call. There is no matrix.python-version variable, so this wasn't doing anything.

Testing performed
Testing will be done as part of CI.

@github-advanced-security
Copy link
Copy Markdown

github-advanced-security AI commented May 18, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

sarahmonod
sarahmonod approved these changes May 19, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@sarahmonod sarahmonod left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM although I suspect @godlygeek will want to rewrite the commit message. Also I wonder if we should add Dependabot here, given that the upload and download actions seem out of date to me.

@peytondmurray @godlygeek
ci: Harden GitHub Actions workflows
2c7d09a 
Fix security-related issues in GitHub Actions flagged by zizmor.

Signed-off-by: Peyton Murray <peynmurray@gmail.com>
@godlygeek godlygeek force-pushed the 18-harden-gh-actions branch from 7c83689 to 2c7d09a Compare May 29, 2026 01:01
godlygeek
godlygeek approved these changes May 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@godlygeek godlygeek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution, @peytondmurray!

@godlygeek godlygeek enabled auto-merge (rebase) May 29, 2026 01:02
@godlygeek godlygeek merged commit 83b6fd1 into bloomberg:main May 29, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@godlygeek godlygeek godlygeek approved these changes

@sarahmonod sarahmonod sarahmonod approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Fix problems reported by zizmor

4 participants

@peytondmurray @github-advanced-security @godlygeek @sarahmonod