Add shared zizmor workflow#8592
Conversation
|
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool. What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out the documentation. |
|
This PR has review comments. Review suggestions, whether from maintainers or automated reviewers, aren't always correct or required. Please evaluate each comment on its merits, then make sure each thread has a clear outcome. For example, link to the commit if you applied a suggestion, explain why it wasn't applied, or ask a follow-up question. Automation flags a PR for human review once every review thread has a reply or is marked as resolved. Status across open PRs is visible on the pull request dashboard. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #8592 +/- ##
=========================================
Coverage 91.61% 91.61%
Complexity 10311 10311
=========================================
Files 1013 1013
Lines 27260 27260
Branches 3201 3201
=========================================
Hits 24975 24975
Misses 1560 1560
Partials 725 725 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
Adds zizmor scanning through the OpenTelemetry shared workflow.
The workflow:
regularpersona on pull requests, pushes tomain,release/*, and a randomized weekly schedule;Zizmor remediation
This change also resolves findings from these zizmor rules:
artipackedcache-poisoningdangerous-triggersgithub-apptemplate-injectionAfter merge
zizmorcode-scanning result.If enforcement unexpectedly blocks a valid change, restore
require_zizmor = falseinopen-telemetry/adminwhile leaving scanning enabled.