801f69a7b4
## Summary Changes the ecosystem-analyzer workflow to deploy the diff to Cloudflare pages and post a link in the PR. Also adds a summary statistics to that PR comment. ## Test Plan The comment below: https://github.com/astral-sh/ruff/pull/19234#issuecomment-3053205937. I previously had some dummy changes on this PR to see a non-zero diff. And I didn't reapply the label after I reverted that change, such that it's still visible for reviewers.
21 lines
645 B
YAML
21 lines
645 B
YAML
# Configuration for the zizmor static analysis tool, run via pre-commit in CI
|
|
# https://woodruffw.github.io/zizmor/configuration/
|
|
#
|
|
# TODO: can we remove the ignores here so that our workflows are more secure?
|
|
rules:
|
|
dangerous-triggers:
|
|
ignore:
|
|
- pr-comment.yaml
|
|
cache-poisoning:
|
|
ignore:
|
|
- build-docker.yml
|
|
- publish-playground.yml
|
|
- ty-ecosystem-analyzer.yaml
|
|
excessive-permissions:
|
|
# it's hard to test what the impact of removing these ignores would be
|
|
# without actually running the release workflow...
|
|
ignore:
|
|
- build-docker.yml
|
|
- publish-playground.yml
|
|
- publish-docs.yml
|