Skip to content

CI: fix some Zizmor complaints#1632

Merged
SpacemanPaul merged 6 commits into
opendatacube:developfrom
pjonsson:ci-avoid-cache-poisoning
Jun 15, 2026
Merged

CI: fix some Zizmor complaints#1632
SpacemanPaul merged 6 commits into
opendatacube:developfrom
pjonsson:ci-avoid-cache-poisoning

Conversation

@pjonsson

@pjonsson pjonsson commented Jun 15, 2026
edited by github-actions Bot
Loading

Copy link
Copy Markdown
Contributor

Fix most of the security complaints from Zizmor, and some of the pedantic stuff like naming jobs so there is less noise in the Zizmor output

📚 Documentation preview 📚: https://datacube-ows--1632.org.readthedocs.build/en/1632/

pjonsson added 6 commits June 15, 2026 19:02
@pjonsson
CI: disable uv cache for releases
d91d7cd 
There is a risk of cache poisoning
when producing the release packages,
so disable the uv cache on releases.
@pjonsson
CI: name all workflows
3379277
@pjonsson
CI: comment use of permissions
916513a
@pjonsson
CI: avoid template expansion
ec2d743 
The variable is defined at
the top level, so just use
that without going through
template expansion.
@pjonsson
CI: avoid template injection
1bbbfa7 
Make the shell perform the variable
expansion to avoid template injection
possibilities.
@pjonsson
CI: add concurrency limits
fe347b2
@codecov

codecov Bot commented Jun 15, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.30%. Comparing base (daabe9e) to head (fe347b2).
⚠️ Report is 1 commits behind head on develop.

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff            @@
##           develop    #1632   +/-   ##
========================================
  Coverage    92.30%   92.30%           
========================================
  Files           56       56           
  Lines         7253     7253           
========================================
  Hits          6695     6695           
  Misses         558      558
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@SpacemanPaul SpacemanPaul merged commit e66809f into opendatacube:develop Jun 15, 2026
17 checks passed
@pjonsson pjonsson deleted the ci-avoid-cache-poisoning branch June 16, 2026 07:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SpacemanPaul SpacemanPaul SpacemanPaul approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pjonsson @SpacemanPaul