Skip to content

ci: zizmor workflow#6623

Merged
tonistiigi merged 2 commits intomoby:masterfrom
crazy-max:zizmor
Mar 31, 2026
Merged

ci: zizmor workflow#6623
tonistiigi merged 2 commits intomoby:masterfrom
crazy-max:zizmor

Conversation

@crazy-max
Copy link
Copy Markdown
Member

@crazy-max crazy-max commented Mar 27, 2026

similar to docker/buildx#3742

@crazy-max
ci: zizmor workflow
463b09b 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
@github-advanced-security
Copy link
Copy Markdown

github-advanced-security bot commented Mar 27, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@crazy-max
fix zizmor findings
6ba4626 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
@crazy-max crazy-max requested a review from tonistiigi March 27, 2026 12:31
@crazy-max crazy-max marked this pull request as ready for review March 27, 2026 12:32
This was referenced Mar 27, 2026
Merged
Closed
Closed
Open
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
tonistiigi
tonistiigi reviewed Mar 30, 2026
View reviewed changes
.github/dependabot.yml
interval: "daily"
ignore:
# ignore this dependency
# it seems a bug with dependabot as pining to commit sha should not
Copy link
Copy Markdown
Member

@tonistiigi tonistiigi Mar 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why did this change?

Copy link
Copy Markdown
Member Author

@crazy-max crazy-max Mar 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are not using commit sha when validating docs in

buildkit/.github/workflows/docs-upstream.yml

Line 37 in 9f86bbc

uses: docker/docs/.github/workflows/validate-upstream.yml@main

That was an oversight from #5702

@tonistiigi tonistiigi merged commit f8fd302 into moby:master Mar 31, 2026
192 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tonistiigi tonistiigi tonistiigi approved these changes

+1 more reviewer

@vvoland vvoland vvoland approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@crazy-max crazy-max

Labels

area/ci

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@crazy-max @github-advanced-security @tonistiigi @vvoland