Skip to content

ci: fix zizmor security findings#2290

Merged
blackmwk merged 14 commits intoapache:mainfrom
kevinjqliu:kevinjqliu/zizmor-fix
Mar 31, 2026
Merged

ci: fix zizmor security findings#2290
blackmwk merged 14 commits intoapache:mainfrom
kevinjqliu:kevinjqliu/zizmor-fix

Conversation

@kevinjqliu
Copy link
Copy Markdown
Contributor

@kevinjqliu kevinjqliu commented Mar 28, 2026
edited
Loading

Which issue does this PR close?

Relates to apache/iceberg#15742
Follow up to #2289

What changes are included in this PR?

Fix github workflow based on zizmor recommendation for security best practice

Are these changes tested?

Yes

➜  iceberg-rust git:(kevinjqliu/zizmor-fix) uvx --from zizmor zizmor --offline .github/          
🌈 zizmor v1.23.1
 INFO audit: zizmor: 🌈 completed .github/actions/get-msrv/action.yml
 INFO audit: zizmor: 🌈 completed .github/actions/overwrite-package-version/action.yml
 INFO audit: zizmor: 🌈 completed .github/actions/setup-builder/action.yml
 INFO audit: zizmor: 🌈 completed .github/dependabot.yml
 INFO audit: zizmor: 🌈 completed .github/workflows/audit.yml
 INFO audit: zizmor: 🌈 completed .github/workflows/bindings_python_ci.yml
 INFO audit: zizmor: 🌈 completed .github/workflows/ci.yml
 INFO audit: zizmor: 🌈 completed .github/workflows/ci_typos.yml
 INFO audit: zizmor: 🌈 completed .github/workflows/codeql.yml
 INFO audit: zizmor: 🌈 completed .github/workflows/publish.yml
 INFO audit: zizmor: 🌈 completed .github/workflows/release_python.yml
 INFO audit: zizmor: 🌈 completed .github/workflows/release_python_nightly.yml
 INFO audit: zizmor: 🌈 completed .github/workflows/stale.yml
 INFO audit: zizmor: 🌈 completed .github/workflows/website.yml
No findings to report. Good job! (1 ignored, 37 suppressed)

@kevinjqliu kevinjqliu force-pushed the kevinjqliu/zizmor-fix branch from 991d34c to c064260 Compare March 28, 2026 20:05
@kevinjqliu kevinjqliu mentioned this pull request Mar 28, 2026
Closed
3 tasks
@github-advanced-security
Copy link
Copy Markdown
Contributor

github-advanced-security bot commented Mar 28, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-advanced-security github-advanced-security bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

zizmor found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

@kevinjqliu kevinjqliu force-pushed the kevinjqliu/zizmor-fix branch from 22a46b0 to 7362a59 Compare March 30, 2026 15:52
@kevinjqliu kevinjqliu marked this pull request as ready for review March 30, 2026 15:58
blackmwk
blackmwk approved these changes Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@blackmwk blackmwk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @kevinjqliu for this fix!

@blackmwk blackmwk merged commit 6ee5e71 into apache:main Mar 31, 2026
23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@blackmwk blackmwk blackmwk approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kevinjqliu @github-advanced-security @blackmwk