mirror of
https://github.com/bevyengine/bevy.git
synced 2026-07-01 08:12:51 -04:00
13ed0a69d2
# Objective

Minimize security issues.
Real issues don't get drowned out by fixable small issues.

## Solution

Apply recommended fixes such as passing secrets explicitly. Ignore a lint in 2 workflows because it is necessary.

## Testing

Ran Zizmor locally

```
techn0@IO ~/source/bevy main ± zizmor . --fix=all
🌈 zizmor v1.22.0
 INFO audit: zizmor: 🌈 completed ./.github/actions/install-linux-deps/action.yml
 INFO audit: zizmor: 🌈 completed ./.github/dependabot.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/action-on-PR-labeled.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/ci-comment-failures.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/ci.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/dependencies.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/docs.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/example-run-report.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/example-run.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/post-release.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/security-static-analysis.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/send-screenshots-to-pixeleagle.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/update-caches.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/validation-jobs.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/weekly.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/welcome.yml
error[dangerous-triggers]: use of fundamentally insecure workflow trigger
  --> ./.github/workflows/ci-comment-failures.yml:6:1
   |
 6 | / on:
 7 | |   workflow_run:
 8 | |     workflows: ["CI"]
 9 | |     types:
10 | |       - completed
   | |_________________^ workflow_run is almost always used insecurely
   |
   = note: audit confidence → Medium

error[dangerous-triggers]: use of fundamentally insecure workflow trigger
  --> ./.github/workflows/example-run-report.yml:10:1
   |
10 | / on:
11 | |   workflow_run:
12 | |     workflows: ["Example Run"]
13 | |     types:
14 | |       - completed
   | |_________________^ workflow_run is almost always used insecurely
   |
   = note: audit confidence → Medium

121 findings (2 ignored, 117 suppressed): 0 informational, 0 low, 0 medium, 2 high
```
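The commit message names two kinds of change without showing them: passing secrets explicitly, and keeping the `workflow_run` trigger in two workflows while silencing the lint. The configuration below is an added illustration written for this page, not Bevy's own workflow files; the workflow names, job names, the reusable-workflow path, the secret name, the artifact name and the files inside it are all assumed. The first two documents show a reusable-workflow call with `secrets: inherit`, which zizmor reports under its `secrets-inherit` audit, beside the corrected form that forwards only the secret the callee needs. The third shows one way to keep a `workflow_run` consumer (the commit does not say which ignore mechanism Bevy used; this one uses zizmor's inline `# zizmor: ignore[...]` comment) while constraining what the privileged run does with data from the untrusted upstream run.

```yaml
# --- Weak: every repository secret is forwarded to the reusable workflow.
# The callee, and anything it runs, can read secrets it has no reason to see.
name: Release (before)
on:
  push:
    tags: ["v*"]
permissions:
  contents: read
jobs:
  publish:
    uses: ./.github/workflows/publish.yml      # assumed reusable workflow
    secrets: inherit
---
# --- Fixed: pass exactly the secrets the callee declares, by name.
name: Release (after)
on:
  push:
    tags: ["v*"]
permissions:
  contents: read
jobs:
  publish:
    uses: ./.github/workflows/publish.yml      # assumed reusable workflow
    secrets:
      CRATES_IO_TOKEN: ${{ secrets.CRATES_IO_TOKEN }}   # assumed secret name
---
# --- A workflow_run consumer that keeps the trigger on purpose.
# workflow_run jobs execute in the base repository with its secrets and a
# token that can write, even when the upstream run came from a fork PR.
# The lint is suppressed only because the job body is constrained below.
name: CI comment failures (example)
on: # zizmor: ignore[dangerous-triggers]
  workflow_run:
    workflows: ["CI"]
    types: [completed]
permissions:
  contents: read
  pull-requests: write        # the only write this job performs
jobs:
  comment:
    runs-on: ubuntu-latest
    if: github.event.workflow_run.conclusion == 'failure'
    steps:
      # No actions/checkout of the upstream commit: that would run
      # attacker-controlled build scripts with this job's privileges.
      - name: Fetch the report the CI run uploaded
        uses: actions/download-artifact@v4
        with:
          name: failure-report                  # assumed artifact name
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ github.token }}
          path: report
      - name: Comment on the PR
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          # The artifact was produced by the untrusted run, so its contents are
          # input, never something to source or execute. The PR number comes
          # from a file the upstream run wrote (assumed layout) and is checked
          # to be digits only before it reaches a command line.
          pr="$(tr -d '[:space:]' < report/pr_number)"
          case "$pr" in
            ''|*[!0-9]*) echo "invalid PR number in artifact" >&2; exit 1 ;;
          esac
          body="$(head -c 4000 report/summary.txt)"
          gh pr comment "$pr" --body "$body"
```

Two details carry the security weight in the third document. The job never checks out `github.event.workflow_run.head_sha`, because that commit is the fork's code and would otherwise run under the base repository's token. And nothing from the event or the artifact is interpolated with `${{ }}` inside the `run:` script; values reach the shell only through `env:` or through files that are validated first, which is the pattern zizmor's `template-injection` audit pushes toward.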
27 lines
484 B
YAML
```yaml
version: 2
updates:
  - package-ecosystem: cargo
    directory: /
    schedule:
      interval: weekly
    labels:
      - "C-Dependencies"
    groups:
      wgpu:
        patterns:
          - "*wgpu*"
          - "naga*"
      accesskit:
        patterns:
          - "accesskit*"
    cooldown:
      default-days: 7
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: weekly
    labels:
      - "C-Dependencies"
    cooldown:
      default-days: 7
```