diff --git a/.github/workflows/dispatch-workflow-repo.yml b/.github/workflows/dispatch-workflow-repo.yml
index e42adb0..198f9bf 100644
--- a/.github/workflows/dispatch-workflow-repo.yml
+++ b/.github/workflows/dispatch-workflow-repo.yml
@@ -93,4 +93,4 @@ jobs:
 signoff: true
 title: '[${{ github.event.inputs.branch }}] ci: update all workflow templates from organization template repository'
 labels: dependencies
- token: ${{ secrets.TEMPLATE_WORKFLOW_DISPATCH_PAT }} # zizmor: ignore[secrets-outside-env]
+ token: ${{ secrets.TEMPLATE_WORKFLOW_DISPATCH_PAT }}
diff --git a/.github/workflows/dispatch-workflow.yml b/.github/workflows/dispatch-workflow.yml
index 058b553..8271820 100644
--- a/.github/workflows/dispatch-workflow.yml
+++ b/.github/workflows/dispatch-workflow.yml
@@ -109,4 +109,4 @@ jobs:
 signoff: true
 title: 'ci: update ${{ github.event.inputs.name }} workflow from template'
 labels: dependencies
- token: ${{ secrets.TEMPLATE_WORKFLOW_DISPATCH_PAT }} # zizmor: ignore[secrets-outside-env]
+ token: ${{ secrets.TEMPLATE_WORKFLOW_DISPATCH_PAT }}
diff --git a/workflow-templates/cypress.yml b/workflow-templates/cypress.yml
index 8faa7f1..f0ffa15 100644
--- a/workflow-templates/cypress.yml
+++ b/workflow-templates/cypress.yml
@@ -68,7 +68,7 @@ jobs:
 TESTING=true npm run build --if-present
 - name: Save context
- uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+ uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
 with:
 key: cypress-context-${{ github.run_id }}
 path: ./
@@ -88,7 +88,7 @@ jobs:
 steps:
 - name: Restore context
- uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+ uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
 with:
 fail-on-cache-miss: true
 key: cypress-context-${{ github.run_id }}
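Review bot: Removing `# zizmor: ignore[secrets-outside-env]` from the `token:` line in dispatch-workflow-repo.yml drops the suppression without changing what it suppressed: no line in this hunk binds the job to a deployment environment, so `TEMPLATE_WORKFLOW_DISPATCH_PAT` is still read from repository- or organization-level secrets. The same holds for the other removals in this commit: the `token:` lines in dispatch-workflow.yml, npm-audit-fix.yml, rector-apply.yml and sync-workflow-templates.yml, and the `record`, `parallel`, `ci-build-id`, `tag` and `CYPRESS_RECORD_KEY` lines in cypress.yml. Presumably the audit is now disabled in the zizmor configuration, which is not part of this diff; the commit message should say so, because otherwise these lines will be reported again. For the jobs that pass a PAT as `token:`, the lasting fix is a job-level `environment: <environment-name>` with the PAT stored as a secret of that environment, so that protection rules gate its use. The job definitions start outside the hunks, so an existing `environment:` key cannot be ruled out from here.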
@@ -109,14 +109,14 @@ jobs:
 - name: Run ${{ startsWith(matrix.containers, 'component') && 'component' || 'E2E' }} cypress tests
 uses: cypress-io/github-action@4c06c48f3ffea349b7189aa06dfcda47a9fa7b92 # v7.1.8
 with:
- record: ${{ secrets.CYPRESS_RECORD_KEY && true }} # zizmor: ignore[secrets-outside-env]
- parallel: ${{ secrets.CYPRESS_RECORD_KEY && true }} # zizmor: ignore[secrets-outside-env]
+ record: ${{ secrets.CYPRESS_RECORD_KEY && true }}
+ parallel: ${{ secrets.CYPRESS_RECORD_KEY && true }}
 # cypress run type
 component: ${{ startsWith(matrix.containers, 'component') }}
 group: ${{ secrets.CYPRESS_RECORD_KEY && env.CYPRESS_GROUP }}
 # cypress env
- ci-build-id: ${{ secrets.CYPRESS_RECORD_KEY && env.CYPRESS_BUILD_ID }} # zizmor: ignore[secrets-outside-env]
- tag: ${{ secrets.CYPRESS_RECORD_KEY && github.event_name }} # zizmor: ignore[secrets-outside-env]
+ ci-build-id: ${{ secrets.CYPRESS_RECORD_KEY && env.CYPRESS_BUILD_ID }}
+ tag: ${{ secrets.CYPRESS_RECORD_KEY && github.event_name }}
 env:
 # Needs to be prefixed with CYPRESS_
 CYPRESS_BRANCH: ${{ env.BRANCH }}
@@ -125,7 +125,7 @@ jobs:
 # Needed for some specific code workarounds
 TESTING: true
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }} # zizmor: ignore[secrets-outside-env]
+ CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
 CYPRESS_BUILD_ID: ${{ github.sha }}-${{ github.run_number }}
 CYPRESS_GROUP: Run ${{ startsWith(matrix.containers, 'component') && 'component' || 'E2E' }}
diff --git a/workflow-templates/npm-audit-fix.yml b/workflow-templates/npm-audit-fix.yml
index 32b327d..0f58685 100644
--- a/workflow-templates/npm-audit-fix.yml
+++ b/workflow-templates/npm-audit-fix.yml
@@ -65,7 +65,7 @@ jobs:
 if: steps.checkout.outcome == 'success'
 uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
 with:
- token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env]
+ token: ${{ secrets.COMMAND_BOT_PAT }}
 commit-message: 'fix(deps): Fix npm audit'
 committer: GitHub
 author: nextcloud-command
diff --git a/workflow-templates/phpstan.yml b/workflow-templates/phpstan.yml
index 6244932..cba8d41 100644
--- a/workflow-templates/phpstan.yml
+++ b/workflow-templates/phpstan.yml
@@ -52,9 +52,6 @@ jobs:
 composer remove nextcloud/ocp --dev --no-scripts
 composer i
- - name: Check for vulnerable PHP dependencies
- run: composer require --dev roave/security-advisories:dev-latest
-
 - name: Install nextcloud/ocp
 run: composer require --dev nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} --ignore-platform-reqs --with-dependencies
diff --git a/workflow-templates/rector-apply.yml b/workflow-templates/rector-apply.yml
index ddd32ee..2a407a4 100644
--- a/workflow-templates/rector-apply.yml
+++ b/workflow-templates/rector-apply.yml
@@ -56,7 +56,7 @@ jobs:
 - name: Create Pull Request
 uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
 with:
- token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env]
+ token: ${{ secrets.COMMAND_BOT_PAT }}
 commit-message: 'refactor: Apply rector changes'
 committer: GitHub
 author: nextcloud-command
diff --git a/workflow-templates/sync-workflow-templates.yml b/workflow-templates/sync-workflow-templates.yml
index c80d194..8e99648 100644
--- a/workflow-templates/sync-workflow-templates.yml
+++ b/workflow-templates/sync-workflow-templates.yml
@@ -122,7 +122,7 @@ jobs:
 - name: Create Pull Request
 uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
 with:
- token: ${{ secrets.COMMAND_BOT_WORKFLOWS }} # zizmor: ignore[secrets-outside-env]
+ token: ${{ secrets.COMMAND_BOT_WORKFLOWS }}
 commit-message: 'ci(actions): Update workflow templates from organization template repository'
 committer: GitHub
 author: nextcloud-command