From 97aeaec7113b2d62a2c87b55a844ca07f4c14c86 Mon Sep 17 00:00:00 2001
From: Javier Buzzi
Date: Tue, 3 Jun 2025 10:09:24 +0200
Subject: [PATCH 1/6] Add github actions static analysis
---
 pyproject.toml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index 46145ee4..36cdfe32 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -63,8 +63,9 @@ xdist = [
 "pytest-xdist",
 ]
 linting = [
- "ruff==0.9.5",
 "mypy==1.15.0",
+ "ruff==0.9.5",
+ "zizmor==1.9.0",
 ]
 [project.urls]
 Documentation = "https://pytest-django.readthedocs.io/"
From e86a9a6e5fe5b833699cf541a62026e4343995b0 Mon Sep 17 00:00:00 2001
From: Javier Buzzi
Date: Tue, 3 Jun 2025 10:11:17 +0200
Subject: [PATCH 2/6] Update tox.ini
---
 tox.ini | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tox.ini b/tox.ini
index a892c38e..709f1ab6 100644
--- a/tox.ini
+++ b/tox.ini
@@ -48,6 +48,7 @@ commands =
 ruff check --diff {posargs:pytest_django pytest_django_test tests}
 ruff format --quiet --diff {posargs:pytest_django pytest_django_test tests}
 mypy {posargs:pytest_django pytest_django_test tests}
+ zizmor .github/workflows/deploy.yml .github/workflows/main.yml

 [testenv:doc8]
 basepython = python3
From bc0c5f520c492f61772f5afee23eaecb7336d01e Mon Sep 17 00:00:00 2001
From: Javier Buzzi
Date: Tue, 3 Jun 2025 10:17:44 +0200
Subject: [PATCH 3/6] Update tox.ini
---
 tox.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tox.ini b/tox.ini
index 709f1ab6..2e7c7eb4 100644
--- a/tox.ini
+++ b/tox.ini
@@ -48,7 +48,7 @@ commands =
 ruff check --diff {posargs:pytest_django pytest_django_test tests}
 ruff format --quiet --diff {posargs:pytest_django pytest_django_test tests}
 mypy {posargs:pytest_django pytest_django_test tests}
- zizmor .github/workflows/deploy.yml .github/workflows/main.yml
+ zizmor .github/workflows/*.yml

 [testenv:doc8]
 basepython = python3
From edc49a4a8926f39212d6f7ebe4eee1fe70502c78 Mon Sep 17 00:00:00 2001
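Review bot: The zizmor command added in PATCH 2/6 names `deploy.yml` and `main.yml` explicitly, so a workflow file added later is silently left out of the audit; the same hard-coded list is restored in PATCH 4/6 and kept in PATCH 6/6. tox does not pass commands through a shell, which is presumably why the glob tried in PATCH 3/6 failed, but as far as I know zizmor accepts a directory as input, so `zizmor .` from the repository root would pick up every workflow without needing a glob. If the explicit list is kept on purpose, a comment above the line such as `# keep in sync with .github/workflows/` would make the maintenance step visible. The env header and the start of the `commands =` list are outside the hunk.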
From: Javier Buzzi
Date: Tue, 3 Jun 2025 10:19:05 +0200
Subject: [PATCH 4/6] Nope, doesnt like astrixs
---
 tox.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tox.ini b/tox.ini
index 2e7c7eb4..709f1ab6 100644
--- a/tox.ini
+++ b/tox.ini
@@ -48,7 +48,7 @@ commands =
 ruff check --diff {posargs:pytest_django pytest_django_test tests}
 ruff format --quiet --diff {posargs:pytest_django pytest_django_test tests}
 mypy {posargs:pytest_django pytest_django_test tests}
- zizmor .github/workflows/*.yml
+ zizmor .github/workflows/deploy.yml .github/workflows/main.yml

 [testenv:doc8]
 basepython = python3
From 3ca88a5b95163229f72ec469a21630a1bd4cbb22 Mon Sep 17 00:00:00 2001
From: Javier Buzzi
Date: Tue, 3 Jun 2025 11:28:24 +0200
Subject: [PATCH 5/6] Create zizmor.yml
---
 .github/zizmor.yml | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 .github/zizmor.yml
diff --git a/.github/zizmor.yml b/.github/zizmor.yml
new file mode 100644
index 00000000..2ed61128
--- /dev/null
+++ b/.github/zizmor.yml
@@ -0,0 +1,6 @@
+rules:
+ unpinned-uses:
+ config:
+ policies:
+ actions/*: ref-pin
+ codecov/codecov-action: ref-pin
From 7c5a430f7d1a5c6f4472c9507361f2c3979808c0 Mon Sep 17 00:00:00 2001
From: Javier Buzzi
Date: Tue, 3 Jun 2025 11:31:31 +0200
Subject: [PATCH 6/6] Update tox.ini
---
 tox.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tox.ini b/tox.ini
index 709f1ab6..fe0e228b 100644
--- a/tox.ini
+++ b/tox.ini
@@ -48,7 +48,7 @@ commands =
 ruff check --diff {posargs:pytest_django pytest_django_test tests}
 ruff format --quiet --diff {posargs:pytest_django pytest_django_test tests}
 mypy {posargs:pytest_django pytest_django_test tests}
- zizmor .github/workflows/deploy.yml .github/workflows/main.yml
+ zizmor --persona=regular .github/workflows/deploy.yml .github/workflows/main.yml

 [testenv:doc8]
 basepython = python3
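Review bot: The `codecov/codecov-action: ref-pin` policy in the new `.github/zizmor.yml` (PATCH 5/6) tells the `unpinned-uses` audit to accept a tag or branch reference for a third-party action, and such a ref can later be moved to different code without the audit noticing. `actions/*` is GitHub-owned, so relaxing it is easier to justify, but for the third-party entry I would use `codecov/codecov-action: hash-pin` and pin the corresponding `uses:` line to a full commit SHA. If the relaxation is deliberate, a comment above the entry such as `# ref-pin accepted for codecov: <reason>` would record the decision. The workflows themselves are not part of this patch, so what secrets or permissions that step runs with is not visible here.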
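Review bot: `--persona=regular`, added in PATCH 6/6, is as far as I know zizmor's default persona, so the flag does not change which findings the linting env reports. If the intent is to document the choice, a comment above the command such as `# regular persona: pedantic/auditor findings are not enforced` says that more clearly than the flag alone. If the intent was a stricter audit, `--persona=pedantic` is the next level up. The `commands =` list starts outside the hunk.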