From dfa9daa63e7e8a29cabf9fd4d6e352420078cc8c Mon Sep 17 00:00:00 2001 From: James Crocker <87319125+jamesc-grafana@users.noreply.github.com> Date: Wed, 30 Apr 2025 15:14:00 +0100 Subject: [PATCH 1/7] test workflow --- testdata/.github/workflows/{testworkflow.yml => empty.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename testdata/.github/workflows/{testworkflow.yml => empty.yml} (100%) diff --git a/testdata/.github/workflows/testworkflow.yml b/testdata/.github/workflows/empty.yml similarity index 100% rename from testdata/.github/workflows/testworkflow.yml rename to testdata/.github/workflows/empty.yml From c344646ed44787cd8891680e711d82a2c9b6738a Mon Sep 17 00:00:00 2001 From: James Crocker <87319125+jamesc-grafana@users.noreply.github.com> Date: Wed, 30 Apr 2025 15:15:55 +0100 Subject: [PATCH 2/7] update permissions --- .github/workflows/test.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 30ba1a0..74a9fea 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -3,4 +3,9 @@ on: pull_request: jobs: zizmor: + permissions: + contents: read + actions: read + pull-requests: write + security-events: write uses: grafana/shared-workflows/.github/workflows/reusable-zizmor.yml@8fa210559ab2cc62e7b12d3bb9cba19dbc862c11 From 7b1fd2445ed98c25e6bb3377d1ade7e01e0420c6 Mon Sep 17 00:00:00 2001 From: James Crocker <87319125+jamesc-grafana@users.noreply.github.com> Date: Fri, 16 May 2025 15:53:15 +0100 Subject: [PATCH 3/7] bump zizmor version --- .github/workflows/test.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 74a9fea..187adcc 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -3,9 +3,4 @@ on: pull_request: jobs: zizmor: - permissions: - contents: read - actions: read - pull-requests: write - security-events: write - uses: grafana/shared-workflows/.github/workflows/reusable-zizmor.yml@8fa210559ab2cc62e7b12d3bb9cba19dbc862c11 + uses: grafana/shared-workflows/.github/workflows/reusable-zizmor.yml@5a413efebe3688c4761412b1c211af0e03c0e892 From eae3ccce50ad2b3281f377838992791b7a28c89b Mon Sep 17 00:00:00 2001 From: James Crocker <87319125+jamesc-grafana@users.noreply.github.com> Date: Fri, 16 May 2025 15:54:49 +0100 Subject: [PATCH 4/7] bump permissions --- .github/workflows/test.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 187adcc..b00178f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -3,4 +3,10 @@ on: pull_request: jobs: zizmor: + permissions: + actions: read + contents: read + id-token: write + pull-requests: write + security-events: write uses: grafana/shared-workflows/.github/workflows/reusable-zizmor.yml@5a413efebe3688c4761412b1c211af0e03c0e892 From 23cc9f7612f0479a4f376674ea1e8dc25496cd91 Mon Sep 17 00:00:00 2001 From: James Crocker <87319125+jamesc-grafana@users.noreply.github.com> Date: Fri, 16 May 2025 16:08:58 +0100 Subject: [PATCH 5/7] valid workflow --- testdata/.github/workflows/empty.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/testdata/.github/workflows/empty.yml b/testdata/.github/workflows/empty.yml index e69de29..a69347e 100644 --- a/testdata/.github/workflows/empty.yml +++ b/testdata/.github/workflows/empty.yml @@ -0,0 +1,13 @@ +on: + push: + pull_request: + jobs: + zizmor: + permissions: + actions: read + contents: read + id-token: write + pull-requests: write + security-events: write + uses: grafana/shared-workflows/.github/workflows/reusable-zizmor.yml@5a413efebe3688c4761412b1c211af0e03c0e892 + \ No newline at end of file From 1e8a3ff9c25ae457af9a29b3222090593f4b1975 Mon Sep 17 00:00:00 2001 From: James Crocker <87319125+jamesc-grafana@users.noreply.github.com> Date: Fri, 16 May 2025 16:10:52 +0100 Subject: [PATCH 6/7] fix structure --- testdata/.github/workflows/empty.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/testdata/.github/workflows/empty.yml b/testdata/.github/workflows/empty.yml index a69347e..9f0d500 100644 --- a/testdata/.github/workflows/empty.yml +++ b/testdata/.github/workflows/empty.yml @@ -1,13 +1,13 @@ on: - push: - pull_request: - jobs: - zizmor: - permissions: - actions: read - contents: read - id-token: write - pull-requests: write - security-events: write - uses: grafana/shared-workflows/.github/workflows/reusable-zizmor.yml@5a413efebe3688c4761412b1c211af0e03c0e892 - \ No newline at end of file + push: + pull_request: + +jobs: + zizmor: + permissions: + actions: read + contents: read + id-token: write + pull-requests: write + security-events: write + uses: grafana/shared-workflows/.github/workflows/reusable-zizmor.yml@5a413efebe3688c4761412b1c211af0e03c0e892 From bc8b1ed430a93a75f7c4c67dbbbf6de105e6fdd5 Mon Sep 17 00:00:00 2001 From: James Crocker <87319125+jamesc-grafana@users.noreply.github.com> Date: Fri, 16 May 2025 16:17:01 +0100 Subject: [PATCH 7/7] bump version --- testdata/.github/workflows/empty.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testdata/.github/workflows/empty.yml b/testdata/.github/workflows/empty.yml index 9f0d500..f9fe1f1 100644 --- a/testdata/.github/workflows/empty.yml +++ b/testdata/.github/workflows/empty.yml @@ -10,4 +10,4 @@ jobs: id-token: write pull-requests: write security-events: write - uses: grafana/shared-workflows/.github/workflows/reusable-zizmor.yml@5a413efebe3688c4761412b1c211af0e03c0e892 + uses: grafana/shared-workflows/.github/workflows/reusable-zizmor.yml@8bc832fdda20909e19808ad2e59017d6e68f4c33