Skip to content

Commit 454c288

Browse files
neutrinocerosCadair
neutrinoceros
authored and
Cadair
committed
MNT: add zizmor: ignore comments for template-injection audit
1 parent 9f02f67 commit 454c288

2 files changed

Lines changed: 5 additions & 5 deletions

File tree

.github/workflows/publish.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -173,11 +173,11 @@ jobs:
173173
platforms: all
174174
- name: Parse dependency groups
175175
shell: bash
176-
run: |
176+
run: | # zizmor: ignore[template-injection]
177177
echo "space_sep_groups=$( python -c "print('${{ inputs.test_groups }}'.replace(',', ' '))" )" >> "$GITHUB_ENV"
178178
- name: Configure cibuildwheel
179179
shell: bash
180-
run: |
180+
run: | # zizmor: ignore[template-injection]
181181
if [ -n "${{ inputs.test_extras }}" ];
182182
then
183183
echo "CIBW_TEST_EXTRAS=${{ inputs.test_extras }}" >> $GITHUB_ENV

.github/workflows/tox.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -133,7 +133,7 @@ jobs:
133133
TOX_MATRIX_SCRIPT: IyAvLy8gc2NyaXB0CiMgcmVxdWlyZXMtcHl0aG9uID0gIj09My4xMiIKIyBkZXBlbmRlbmNpZXMgPSBbCiMgICAgICJjbGljaz09OC4yLjEiLAojICAgICAicHl5YW1sPT02LjAuMiIsCiMgXQojIC8vLwppbXBvcnQganNvbgppbXBvcnQgb3MKaW1wb3J0IHJlCmltcG9ydCB3YXJuaW5ncwoKaW1wb3J0IGNsaWNrCmltcG9ydCB5YW1sCgoKQGNsaWNrLmNvbW1hbmQoKQpAY2xpY2sub3B0aW9uKCItLWVudnMiLCBkZWZhdWx0PSIiKQpAY2xpY2sub3B0aW9uKCItLWxpYnJhcmllcyIsIGRlZmF1bHQ9IiIpCkBjbGljay5vcHRpb24oIi0tcG9zYXJncyIsIGRlZmF1bHQ9IiIpCkBjbGljay5vcHRpb24oIi0tdG94ZGVwcyIsIGRlZmF1bHQ9IiIpCkBjbGljay5vcHRpb24oIi0tdG94YXJncyIsIGRlZmF1bHQ9IiIpCkBjbGljay5vcHRpb24oIi0tcHl0ZXN0IiwgZGVmYXVsdD0idHJ1ZSIpCkBjbGljay5vcHRpb24oIi0tcHl0ZXN0LXJlc3VsdHMtc3VtbWFyeSIsIGRlZmF1bHQ9ImZhbHNlIikKQGNsaWNrLm9wdGlvbigiLS1jb3ZlcmFnZSIsIGRlZmF1bHQ9IiIpCkBjbGljay5vcHRpb24oIi0tY29uZGEiLCBkZWZhdWx0PSJhdXRvIikKQGNsaWNrLm9wdGlvbigiLS1zZXRlbnYiLCBkZWZhdWx0PSIiKQpAY2xpY2sub3B0aW9uKCItLWRpc3BsYXkiLCBkZWZhdWx0PSJmYWxzZSIpCkBjbGljay5vcHRpb24oIi0tY2FjaGUtcGF0aCIsIGRlZmF1bHQ9IiIpCkBjbGljay5vcHRpb24oIi0tY2FjaGUta2V5IiwgZGVmYXVsdD0iIikKQGNsaWNrLm9wdGlvbigiLS1jYWNoZS1yZXN0b3JlLWtleXMiLCBkZWZhdWx0PSIiKQpAY2xpY2sub3B0aW9uKCItLWFydGlmYWN0LXBhdGgiLCBkZWZhdWx0PSIiKQpAY2xpY2sub3B0aW9uKCItLXJ1bnMtb24iLCBkZWZhdWx0PSIiKQpAY2xpY2sub3B0aW9uKCItLWRlZmF1bHQtcHl0aG9uIiwgZGVmYXVsdD0iIikKQGNsaWNrLm9wdGlvbigiLS10aW1lb3V0LW1pbnV0ZXMiLCBkZWZhdWx0PSIzNjAiKQpkZWYgbG9hZF90b3hfdGFyZ2V0cyhlbnZzLCBsaWJyYXJpZXMsIHBvc2FyZ3MsIHRveGRlcHMsIHRveGFyZ3MsIHB5dGVzdCwgcHl0ZXN0X3Jlc3VsdHNfc3VtbWFyeSwKICAgICAgICAgICAgICAgICAgICAgY292ZXJhZ2UsIGNvbmRhLCBzZXRlbnYsIGRpc3BsYXksIGNhY2hlX3BhdGgsIGNhY2hlX2tleSwKICAgICAgICAgICAgICAgICAgICAgY2FjaGVfcmVzdG9yZV9rZXlzLCBhcnRpZmFjdF9wYXRoLCBydW5zX29uLCBkZWZhdWx0X3B5dGhvbiwgdGltZW91dF9taW51dGVzKToKICAgICIiIlNjcmlwdCB0byBsb2FkIHRveCB0YXJnZXRzIGZvciBHaXRIdWIgQWN0aW9ucyB3b3JrZmxvdy4iIiIKICAgICMgTG9hZCBlbnZzIGNvbmZpZwogICAgZW52cyA9IHlhbWwubG9hZChlbnZzLCBMb2FkZXI9eWFtbC5CYXNlTG9hZGVyKQogICAgcHJpbnQoanNvbi5kdW1wcyhlbnZzLCBpbmRlbnQ9MikpCgogICAgIyBMb2FkIGdsb2JhbCBsaWJyYXJpZXMgY29uZmlnCiAgICBnbG9iYWxfbGlicmFyaWVzID0gewogICAgICAgICJicmV3IjogW10sCiAgICAgICAgImJyZXctY2FzayI6IFtdLAogICAgICAgICJhcHQiOiBbXSwKICAgICAgICAiY2hvY28iOiBbXSwKICAgIH0KICAgIGxpYnJhcmllcyA9IHlhbWwubG9hZChsaWJyYXJpZXMsIExvYWRlcj15YW1sLkJhc2VMb2FkZXIpCiAgICBpZiBsaWJyYXJpZXMgaXMgbm90IE5vbmU6CiAgICAgICAgZ2xvYmFsX2xpYnJhcmllcy51cGRhdGUobGlicmFyaWVzKQogICAgcHJpbnQoanNvbi5kdW1wcyhnbG9iYWxfbGlicmFyaWVzLCBpbmRlbnQ9MikpCgogICAgIyBEZWZhdWx0IGltYWdlcyB0byB1c2UgZm9yIHJ1bm5lcnMKICAgIGRlZmF1bHRfcnVuc19vbiA9IHsKICAgICAgICAibGludXgiOiAidWJ1bnR1LWxhdGVzdCIsCiAgICAgICAgIm1hY29zIjogIm1hY29zLWxhdGVzdCIsCiAgICAgICAgIndpbmRvd3MiOiAid2luZG93cy1sYXRlc3QiLAogICAgfQogICAgY3VzdG9tX3J1bnNfb24gPSB5YW1sLmxvYWQocnVuc19vbiwgTG9hZGVyPXlhbWwuQmFzZUxvYWRlcikKICAgIGlmIGlzaW5zdGFuY2UoY3VzdG9tX3J1bnNfb24sIGRpY3QpOgogICAgICAgIGRlZmF1bHRfcnVuc19vbi51cGRhdGUoY3VzdG9tX3J1bnNfb24pCiAgICBwcmludChqc29uLmR1bXBzKGRlZmF1bHRfcnVuc19vbiwgaW5kZW50PTIpKQoKICAgICMgRGVmYXVsdCBzdHJpbmcgcGFyYW1ldGVycyB3aGljaCBjYW4gYmUgb3ZlcndyaXR0ZW4gYnkgZWFjaCBlbnYKICAgIHN0cmluZ19wYXJhbWV0ZXJzID0gewogICAgICAgICJwb3NhcmdzIjogcG9zYXJncywKICAgICAgICAidG94ZGVwcyI6IHRveGRlcHMsCiAgICAgICAgInRveGFyZ3MiOiB0b3hhcmdzLAogICAgICAgICJweXRlc3QiOiBweXRlc3QsCiAgICAgICAgInB5dGVzdC1yZXN1bHRzLXN1bW1hcnkiOiBweXRlc3RfcmVzdWx0c19zdW1tYXJ5LAogICAgICAgICJjb3ZlcmFnZSI6IGNvdmVyYWdlLAogICAgICAgICJjb25kYSI6IGNvbmRhLAogICAgICAgICJzZXRlbnYiOiBzZXRlbnYsCiAgICAgICAgImRpc3BsYXkiOiBkaXNwbGF5LAogICAgICAgICJjYWNoZS1wYXRoIjogY2FjaGVfcGF0aCwKICAgICAgICAiY2FjaGUta2V5IjogY2FjaGVfa2V5LAogICAgICAgICJjYWNoZS1yZXN0b3JlLWtleXMiOiBjYWNoZV9yZXN0b3JlX2tleXMsCiAgICAgICAgImFydGlmYWN0LXBhdGgiOiBhcnRpZmFjdF9wYXRoLAogICAgICAgICJ0aW1lb3V0LW1pbnV0ZXMiOiB0aW1lb3V0X21pbnV0ZXMsCiAgICB9CgogICAgIyBDcmVhdGUgbWF0cml4CiAgICBtYXRyaXggPSB7ImluY2x1ZGUiOiBbXX0KICAgIGZvciBlbnYgaW4gZW52czoKICAgICAgICBtYXRyaXhbImluY2x1ZGUiXS5hcHBlbmQoZ2V0X21hdHJpeF9pdGVtKAogICAgICAgICAgICBlbnYsCiAgICAgICAgICAgIGdsb2JhbF9saWJyYXJpZXM9Z2xvYmFsX2xpYnJhcmllcywKICAgICAgICAgICAgZ2xvYmFsX3N0cmluZ19wYXJhbWV0ZXJzPXN0cmluZ19wYXJhbWV0ZXJzLAogICAgICAgICAgICBydW5zX29uPWRlZmF1bHRfcnVuc19vbiwKICAgICAgICAgICAgZGVmYXVsdF9weXRob249ZGVmYXVsdF9weXRob24sCiAgICAgICAgKSkKCiAgICAjIE91dHB1dCBtYXRyaXgKICAgIHByaW50KGpzb24uZHVtcHMobWF0cml4LCBpbmRlbnQ9MikpCiAgICB3aXRoIG9wZW4ob3MuZW52aXJvblsiR0lUSFVCX09VVFBVVCJdLCAiYSIpIGFzIGY6CiAgICAgICAgZi53cml0ZShmIm1hdHJpeD17anNvbi5kdW1wcyhtYXRyaXgpfVxuIikKCgpkZWYgZ2V0X21hdHJpeF9pdGVtKGVudiwgZ2xvYmFsX2xpYnJhcmllcywgZ2xvYmFsX3N0cmluZ19wYXJhbWV0ZXJzLAogICAgICAgICAgICAgICAgICAgIHJ1bnNfb24sIGRlZmF1bHRfcHl0aG9uKToKCiAgICAjIGRlZmluZSBzcGVjIGZvciBlYWNoIG1hdHJpeCBpbmNsdWRlICgrIGdsb2JhbF9zdHJpbmdfcGFyYW1ldGVycykKICAgIGl0ZW0gPSB7CiAgICAgICAgIm9zIjogTm9uZSwKICAgICAgICAidG94ZW52IjogTm9uZSwKICAgICAgICAicHl0aG9uX3ZlcnNpb24iOiBOb25lLAogICAgICAgICJuYW1lIjogTm9uZSwKICAgICAgICAicHl0ZXN0X2ZsYWciOiBOb25lLAogICAgICAgICJsaWJyYXJpZXNfYnJldyI6IE5vbmUsCiAgICAgICAgImxpYnJhcmllc19icmV3X2Nhc2siOiBOb25lLAogICAgICAgICJsaWJyYXJpZXNfYXB0IjogTm9uZSwKICAgICAgICAibGlicmFyaWVzX2Nob2NvIjogTm9uZSwKICAgICAgICAiY2FjaGUtcGF0aCI6IE5vbmUsCiAgICAgICAgImNhY2hlLWtleSI6IE5vbmUsCiAgICAgICAgImNhY2hlLXJlc3RvcmUta2V5cyI6IE5vbmUsCiAgICAgICAgImFydGlmYWN0LW5hbWUiOiBOb25lLAogICAgICAgICJhcnRpZmFjdC1wYXRoIjogTm9uZSwKICAgICAgICAidGltZW91dC1taW51dGVzIjogTm9uZSwKICAgIH0KICAgIGZvciBzdHJpbmdfcGFyYW0sIGRlZmF1bHQgaW4gZ2xvYmFsX3N0cmluZ19wYXJhbWV0ZXJzLml0ZW1zKCk6CiAgICAgICAgZW52X3ZhbHVlID0gZW52LmdldChzdHJpbmdfcGFyYW0pCiAgICAgICAgaXRlbVtzdHJpbmdfcGFyYW1dID0gZGVmYXVsdCBpZiBlbnZfdmFsdWUgaXMgTm9uZSBlbHNlIGVudl92YWx1ZQoKICAgICMgc2V0IG9zIGFuZCB0b3hlbnYKICAgIGZvciBrLCB2IGluIHJ1bnNfb24uaXRlbXMoKToKICAgICAgICBpZiBrIGluIGVudjoKICAgICAgICAgICAgcGxhdGZvcm0gPSBrCiAgICAgICAgICAgIGl0ZW1bIm9zIl0gPSBlbnYuZ2V0KCJydW5zLW9uIiwgdikKICAgICAgICAgICAgaXRlbVsidG94ZW52Il0gPSBlbnZba10KICAgIGFzc2VydCBpdGVtWyJvcyJdIGlzIG5vdCBOb25lIGFuZCBpdGVtWyJ0b3hlbnYiXSBpcyBub3QgTm9uZQoKICAgICMgc2V0IHB5dGhvbl92ZXJzaW9uCiAgICBweXRob25fdmVyc2lvbiA9IGVudi5nZXQoInB5dGhvbi12ZXJzaW9uIikKICAgIG0gPSByZS5zZWFyY2goIl5weSgyfDMpKFswLTldK3Q/KSIsIGl0ZW1bInRveGVudiJdKQogICAgaWYgcHl0aG9uX3ZlcnNpb24gaXMgbm90IE5vbmU6CiAgICAgICAgaXRlbVsicHl0aG9uX3ZlcnNpb24iXSA9IHB5dGhvbl92ZXJzaW9uCiAgICBlbGlmIG0gaXMgbm90IE5vbmU6CiAgICAgICAgbWFqb3IsIG1pbm9yID0gbS5ncm91cHMoKQogICAgICAgIGl0ZW1bInB5dGhvbl92ZXJzaW9uIl0gPSBmInttYWpvcn0ue21pbm9yfSIKICAgIGVsc2U6CiAgICAgICAgaXRlbVsicHl0aG9uX3ZlcnNpb24iXSA9IGVudi5nZXQoImRlZmF1bHRfcHl0aG9uIikgb3IgZGVmYXVsdF9weXRob24KCiAgICAjIHNldCBuYW1lCiAgICBpdGVtWyJuYW1lIl0gPSBlbnYuZ2V0KCJuYW1lIikgb3IgZid7aXRlbVsidG94ZW52Il19ICh7aXRlbVsib3MiXX0pJwoKICAgICMgc2V0IGFydGlmYWN0LW5hbWUgKHJlcGxhY2UgaW52YWxpZCBwYXRoIGNoYXJhY3RlcnMpCiAgICBpdGVtWyJhcnRpZmFjdC1uYW1lIl0gPSByZS5zdWIociJbXFwgLzo8PnwqP1wiJ10iLCAiLSIsIGl0ZW1bIm5hbWUiXSkKICAgIGl0ZW1bImFydGlmYWN0LW5hbWUiXSA9IHJlLnN1YihyIi0rIiwgIi0iLCBpdGVtWyJhcnRpZmFjdC1uYW1lIl0pCgogICAgIyBzZXQgcHl0ZXN0X2ZsYWcKICAgIGl0ZW1bInB5dGVzdF9mbGFnIl0gPSAiIgogICAgc2VwID0gciJcXCIgaWYgcGxhdGZvcm0gPT0gIndpbmRvd3MiIGVsc2UgIi8iCiAgICBpZiBpdGVtWyJweXRlc3QiXSA9PSAidHJ1ZSI6CiAgICAgICAgaWYgImNvZGVjb3YiIGluIGl0ZW0uZ2V0KCJjb3ZlcmFnZSIsICIiKToKICAgICAgICAgICAgaXRlbVsicHl0ZXN0X2ZsYWciXSArPSAoCiAgICAgICAgICAgICAgICByZiItLWNvdiAtLWNvdi1yZXBvcnQ9eG1sOiR7e0dJVEhVQl9XT1JLU1BBQ0V9fXtzZXB9Y292ZXJhZ2UueG1sICIKICAgICAgICAgICAgKQoKICAgICAgICBpZiBpdGVtWyJweXRlc3QtcmVzdWx0cy1zdW1tYXJ5Il0gPT0gInRydWUiOgogICAgICAgICAgICBpdGVtWyJweXRlc3RfZmxhZyJdICs9IHJmIi0tanVuaXR4bWwgJHt7R0lUSFVCX1dPUktTUEFDRX19e3NlcH1yZXN1bHRzLnhtbCAiCgogICAgIyBzZXQgbGlicmFyaWVzCiAgICBlbnZfbGlicmFyaWVzID0gZW52LmdldCgibGlicmFyaWVzIikKICAgIGlmIGlzaW5zdGFuY2UoZW52X2xpYnJhcmllcywgc3RyKSBhbmQgbGVuKGVudl9saWJyYXJpZXMuc3RyaXAoKSkgPT0gMDoKICAgICAgICBlbnZfbGlicmFyaWVzID0ge30gICMgbm8gbGlicmFyaWVzIHJlcXVlc3RlZCBmb3IgZW52aXJvbm1lbnQKICAgIGxpYnJhcmllcyA9IGdsb2JhbF9saWJyYXJpZXMgaWYgZW52X2xpYnJhcmllcyBpcyBOb25lIGVsc2UgZW52X2xpYnJhcmllcwogICAgZm9yIG1hbmFnZXIgaW4gWyJicmV3IiwgImJyZXdfY2FzayIsICJhcHQiLCAiY2hvY28iXToKICAgICAgICBpdGVtW2YibGlicmFyaWVzX3ttYW5hZ2VyfSJdID0gIiAiLmpvaW4obGlicmFyaWVzLmdldChtYW5hZ2VyLCBbXSkpCgogICAgaWYgaXRlbVsiY29uZGEiXToKICAgICAgICB3YXJuaW5ncy53YXJuKCJgY29uZGFgIHBhcmFtZXRlciBpcyBkZXByZWNhdGVkIikKCiAgICAgICAgIyBzZXQgImF1dG8iIGNvbmRhIHZhbHVlCiAgICAgICAgaWYgaXRlbVsiY29uZGEiXSA9PSAiYXV0byI6CiAgICAgICAgICAgIGl0ZW1bImNvbmRhIl0gPSAidHJ1ZSIgaWYgImNvbmRhIiBpbiBpdGVtWyJ0b3hlbnYiXSBlbHNlICJmYWxzZSIKCiAgICAgICAgIyBpbmplY3QgdG94ZGVwcyBmb3IgY29uZGEKICAgICAgICBpZiBpdGVtWyJjb25kYSJdID09ICJ0cnVlIiBhbmQgInRveC1jb25kYSIgbm90IGluIGl0ZW1bInRveGRlcHMiXS5sb3dlcigpOgogICAgICAgICAgICBpdGVtWyJ0b3hkZXBzIl0gPSAoInRveC1jb25kYSAiICsgaXRlbVsidG94ZGVwcyJdKS5zdHJpcCgpCgogICAgIyBtYWtlIHRpbWVvdXQtbWludXRlcyBhIG51bWJlcgogICAgaXRlbVsidGltZW91dC1taW51dGVzIl0gPSBpbnQoaXRlbVsidGltZW91dC1taW51dGVzIl0pCgogICAgIyB2ZXJpZnkgdmFsdWVzCiAgICBhc3NlcnQgaXRlbVsicHl0ZXN0Il0gaW4geyJ0cnVlIiwgImZhbHNlIn0KICAgIGFzc2VydCBpdGVtWyJjb25kYSJdIGluIHsidHJ1ZSIsICJmYWxzZSJ9CiAgICBhc3NlcnQgaXRlbVsiZGlzcGxheSJdIGluIHsidHJ1ZSIsICJmYWxzZSJ9CgogICAgcmV0dXJuIGl0ZW0KCgppZiBfX25hbWVfXyA9PSAiX19tYWluX18iOgogICAgbG9hZF90b3hfdGFyZ2V0cygpCg==
134134
- run: cat tox_matrix.py
135135
- id: set-outputs
136-
run: |
136+
run: | # zizmor: ignore[template-injection]
137137
uv run tox_matrix.py --envs "${{ inputs.envs }}" --libraries "${{ inputs.libraries }}" \
138138
--posargs "${{ inputs.posargs }}" --toxdeps "${{ inputs.toxdeps }}" \
139139
--toxargs "${{ inputs.toxargs }}" --pytest "${{ inputs.pytest }}" \
@@ -233,9 +233,9 @@ jobs:
233233
if: ${{ matrix.display == 'true' }}
234234
uses: pyvista/setup-headless-display-action@7d84ae825e6d9297a8e99bdbbae20d1b919a0b19 # v4.2
235235

236-
- run: uv pip install tox ${{ matrix.toxdeps }}
236+
- run: uv pip install tox ${{ matrix.toxdeps }} # zizmor: ignore[template-injection]
237237

238-
- run: tox -e ${{ matrix.toxenv }} ${{ matrix.toxargs }} -- ${{ matrix.pytest_flag }} ${{ matrix.posargs }}
238+
- run: tox -e ${{ matrix.toxenv }} ${{ matrix.toxargs }} -- ${{ matrix.pytest_flag }} ${{ matrix.posargs }} # zizmor: ignore[template-injection]
239239

240240
- if: ${{ (success() || failure()) && matrix.artifact-path != '' }}
241241
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0

0 commit comments

Comments
 (0)