hynek/argon2-cffi-bindings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Thank you Doctor Zizmor! (#72)

Browse Source
This commit is contained in:
Hynek Schlawack 2024-10-31 16:30:25 +01:00 committed by GitHub
parent 0b4828b5bd
commit 1176780bec
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 56 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
.github/workflows/ci.yml vendored
View File

@ -35,6 +35,7 @@ jobs:
- uses: actions/checkout@v4
with:
submodules: recursive
persist-credentials: false
- uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
@ -43,8 +44,9 @@ jobs:
- run: python -Im pip install tox
- name: Determine Python version for tox
env:
V: ${{ matrix.python-version }}
run: |
V=${{ matrix.python-version }}
if [[ "$V" = pypy-* ]]; then
V=$(echo $V | tr -d .-)
else
@ -53,7 +55,7 @@ jobs:
echo TOX_PYTHON=$V >>$GITHUB_ENV
- run: python -Im tox run -f ${{ env.TOX_PYTHON }}
- run: python -Im tox run -f $TOX_PYTHON
system-package:
runs-on: ubuntu-latest
@ -61,6 +63,8 @@ jobs:
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: actions/setup-python@v5
with:
python-version-file: .python-version-default
@ -82,6 +86,7 @@ jobs:
- uses: actions/checkout@v4
with:
submodules: recursive
persist-credentials: false
- uses: hynek/build-and-inspect-python-package@v2
id: baipp
@ -91,7 +96,9 @@ jobs:
python-version: "3.x" # use the one that baipp used
# Smoke-check the wheel against argon2-cffi.
- run: python -Im pip install ${{ steps.baipp.outputs.dist }}/*.whl
- run: python -Im pip install $DIST/*.whl
env:
DIST: ${{ steps.baipp.outputs.dist }}
- run: python -Im pip install --no-deps git+https://github.com/hynek/argon2-cffi.git
- run: python -Im argon2 -n 1 -t 1 -m 8 -p 1
@ -107,6 +114,7 @@ jobs:
- uses: actions/checkout@v4
with:
submodules: recursive
persist-credentials: false
- uses: actions/setup-python@v5
with:
cache: pip
@ -127,6 +135,7 @@ jobs:
- uses: actions/checkout@v4
with:
submodules: recursive
persist-credentials: false
- uses: actions/setup-python@v5
with:
cache: pip

10
.github/workflows/codeql-analysis.yml vendored
View File

@ -2,11 +2,6 @@
name: CodeQL
on:
push:
branches: [main]
pull_request:
# The branches below must be a subset of the branches above
branches: [main]
schedule:
- cron: "30 22 * * 4"
@ -30,11 +25,16 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
- name: Autobuild
uses: github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3

1
.github/workflows/wheels.yml vendored
View File

@ -29,6 +29,7 @@ jobs:
submodules: recursive
fetch-depth: 0
fetch-tags: true
persist-credentials: false
- name: Set up QEMU
if: runner.os == 'Linux'

38
.github/workflows/zizmor.yml vendored Normal file
View File

@ -0,0 +1,38 @@
# https://github.com/woodruffw/zizmor
name: GitHub Actions Security Analysis with Zizmor
on:
push:
branches: ["main"]
pull_request:
branches: ["*"]
permissions:
contents: read
jobs:
zizmor:
name: Zizmor latest via Cargo
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Setup Rust
uses: actions-rust-lang/setup-rust-toolchain@v1
- name: Get zizmor
run: cargo install zizmor
- name: Run zizmor
run: zizmor --format sarif . > results.sarif
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v3
with:
# Path to SARIF file relative to the root of the repository
sarif_file: results.sarif
# Optional category for the results
# Used to differentiate multiple results for one commit
category: zizmor