Skip to content

DEVOPS-977: use v3 of zizmor github workflows#105

Merged
sebhmg merged 2 commits intodevelopfrom
DEVOPS-977-zizmor-patch
Apr 8, 2026
Merged

DEVOPS-977: use v3 of zizmor github workflows#105
sebhmg merged 2 commits intodevelopfrom
DEVOPS-977-zizmor-patch

Conversation

@andrewg-mira
Copy link
Copy Markdown
Contributor

@andrewg-mira andrewg-mira commented Mar 20, 2026
edited by github-actions bot
Loading

DEVOPS-977 - Zizmor: Allow trusted tag-pinned github actions

Copilot AI review requested due to automatic review settings March 20, 2026 20:55
@github-actions github-actions bot changed the title DEVOPS-977 use v3 of zizmor github workflows DEVOPS-977: use v3 of zizmor github workflows Mar 20, 2026
Copilot AI reviewed Mar 20, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the repository’s GitHub Actions security scan workflow to use v3 of the shared zizmor reusable workflows from MiraGeoscience/CI-tools.

Changes:

  • Bump reusable workflow reference for zizmor “advanced security” from @v2 to @v3.
  • Bump reusable workflow reference for zizmor “annotate” from @v2 to @v3.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/workflows/security_scan.yml Outdated
Comment on lines +27 to +34
contents: read
actions: read
uses: MiraGeoscience/CI-tools/.github/workflows/reusable-zizmor-advanced-security.yml@v2
uses: MiraGeoscience/CI-tools/.github/workflows/reusable-zizmor-advanced-security.yml@v3
Copy link

Copilot AI Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The job id call-workflow-zizmor-annotate is misleading here because this job runs the "advanced security" workflow (reusable-zizmor-advanced-security.yml). Consider renaming the job key to reflect what it actually executes to reduce confusion in logs and future needs: references.

Copilot uses AI. Check for mistakes.
.github/workflows/security_scan.yml Outdated
Comment on lines +36 to +43
@@ -40,4 +40,4 @@ jobs:
checks: write
contents: read
actions: read
uses: MiraGeoscience/CI-tools/.github/workflows/reusable-zizmor-annotate.yml@v2
uses: MiraGeoscience/CI-tools/.github/workflows/reusable-zizmor-annotate.yml@v3
Copy link

Copilot AI Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The job id call-workflow-zizmor-advanced-security is misleading here because this job runs the "annotate" workflow (reusable-zizmor-annotate.yml) for pull requests. Consider renaming the job key to match the workflow being called for clarity and to avoid confusion if other jobs depend on it via needs:.

Copilot uses AI. Check for mistakes.
@andrewg-mira andrewg-mira force-pushed the DEVOPS-977-zizmor-patch branch from d791949 to 4fa3854 Compare March 27, 2026 15:09
sebhmg
sebhmg approved these changes Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@sebhmg sebhmg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All required checks passed. Approving for merge.

@sebhmg sebhmg merged commit cd874c4 into develop Apr 8, 2026
20 checks passed
@sebhmg sebhmg deleted the DEVOPS-977-zizmor-patch branch April 8, 2026 17:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@sebhmg sebhmg sebhmg approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@andrewg-mira @sebhmg