From b3569be95eb5bbc069154d711a9a7cdd263bac69 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Mon, 19 May 2025 13:55:35 -0400 Subject: [PATCH] lint: add zizmor check Signed-off-by: William Woodruff --- .github/workflows/dev-env-test.yml | 2 ++ bin/lint | 1 + requirements/lint.in | 1 + requirements/lint.txt | 13 +++++++++++++ 4 files changed, 17 insertions(+) diff --git a/.github/workflows/dev-env-test.yml b/.github/workflows/dev-env-test.yml index 2d89ee0e302a..72fc1ed22145 100644 --- a/.github/workflows/dev-env-test.yml +++ b/.github/workflows/dev-env-test.yml @@ -5,6 +5,8 @@ on: - cron: '0 13 * * *' # once a day at around 9am eastern workflow_dispatch: +permissions: {} + jobs: build: # TODO: Should we test on other platforms like Windows and Mac? diff --git a/bin/lint b/bin/lint index f199d21bf023..93705f4156c5 100755 --- a/bin/lint +++ b/bin/lint @@ -10,3 +10,4 @@ sphinx-lint --enable=all --disable=line-too-long README.rst CONTRIBUTING.rst doc python -m curlylint ./warehouse/templates ./docs/blog python -m mypy -p warehouse ./bin/flushes +zizmor . diff --git a/requirements/lint.in b/requirements/lint.in index 3332314f3a77..8d453e69fdd9 100644 --- a/requirements/lint.in +++ b/requirements/lint.in @@ -25,3 +25,4 @@ types-stripe types-WTForms types-WebOb types-zxcvbn +zizmor==1.7.0 diff --git a/requirements/lint.txt b/requirements/lint.txt index a0db64a0ebc5..c80c29414f63 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -606,6 +606,19 @@ urllib3==2.4.0 \ --hash=sha256:414bc6535b787febd7567804cc015fee39daab8ad86268f1310a9250697de466 \ --hash=sha256:4e16665048960a0900c702d4a66415956a584919c03361cac9f1df5c5dd7e813 # via types-requests +zizmor==1.7.0 \ + --hash=sha256:405fd2679e180d6399f06b7eef5063f4b9df611b9a60807bcd0bd9d47df9a9b0 \ + --hash=sha256:489ae4e9085d5aa80b9ae40e118f6e94a52af020cc17dc3942b51835ee02445b \ + --hash=sha256:4f987f4b81ef740863db629391c55d1e7ad75723fc30325dfde63ab36537d6b0 \ + --hash=sha256:5973356825328fe7958366a0b02195710fb5ca9dc6dc48cfeebdd342929e59e8 \ + --hash=sha256:639d290d5074456542b6e5e275effe9565f88ffb24ef1088102bb7ca118ae7de \ + --hash=sha256:6562fd039b4f40d94930bfb13e3a65e431fe76e85f87c6143d10c75e8a9c3187 \ + --hash=sha256:8320f78cf19a65b3e81794a731d64a155c24bc8614347ed946b066e3411bb9de \ + --hash=sha256:8dd087a01ac713b8980af73f294c696ebcaafde38bade9a3773a3f792169c4d7 \ + --hash=sha256:a7dd9fa77086836d4fc270372a4fed6273bb92287585388ba258ccd9f59c044f \ + --hash=sha256:ca8a768db5dd267f985cf25515b99a4d893905fff05f4a45cecfc11dc84e4583 \ + --hash=sha256:e199bc49c1b2848ef28b083a3233eab7e289740d625b5e50b3e87de58cc06283 + # via -r requirements/lint.in zope-event==5.0 \ --hash=sha256:2832e95014f4db26c47a13fdaef84cef2f4df37e66b59d8f1f4a8f319a632c26 \ --hash=sha256:bac440d8d9891b4068e2b5a2c5e2c9765a9df762944bda6955f96bb9b91e67cd