mirror of
https://github.com/astral-sh/ruff
synced 2026-01-20 21:10:48 -05:00
8e61da740a
## Summary Adds a new workflow that generates an ecosystem report of all diagnostics and publishes it to Cloudflare pages. ## Test Plan Not yet tested.
22 lines
678 B
YAML
22 lines
678 B
YAML
# Configuration for the zizmor static analysis tool, run via pre-commit in CI
|
|
# https://woodruffw.github.io/zizmor/configuration/
|
|
#
|
|
# TODO: can we remove the ignores here so that our workflows are more secure?
|
|
rules:
|
|
dangerous-triggers:
|
|
ignore:
|
|
- pr-comment.yaml
|
|
cache-poisoning:
|
|
ignore:
|
|
- build-docker.yml
|
|
- publish-playground.yml
|
|
- ty-ecosystem-analyzer.yaml
|
|
- ty-ecosystem-report.yaml
|
|
excessive-permissions:
|
|
# it's hard to test what the impact of removing these ignores would be
|
|
# without actually running the release workflow...
|
|
ignore:
|
|
- build-docker.yml
|
|
- publish-playground.yml
|
|
- publish-docs.yml
|