diff --git a/.github/linters/zizmor.yaml b/.github/linters/zizmor.yaml index d0b6c21..b94816f 100644 --- a/.github/linters/zizmor.yaml +++ b/.github/linters/zizmor.yaml @@ -2,3 +2,16 @@ rules: template-injection: ignore: - action.yml + + secrets-outside-env: + # These test credentials are intentionally managed as organization-level + # secrets for reusable test workflows across repositories. + config: + allow: + - TEST_USER_PAT + - TEST_USER_USER_FG_PAT + - TEST_USER_ORG_FG_PAT + - TEST_APP_ENT_CLIENT_ID + - TEST_APP_ENT_PRIVATE_KEY + - TEST_APP_ORG_CLIENT_ID + - TEST_APP_ORG_PRIVATE_KEY diff --git a/.github/workflows/Linter.yml b/.github/workflows/Linter.yml index 86b4723..ba5a60b 100644 --- a/.github/workflows/Linter.yml +++ b/.github/workflows/Linter.yml @@ -1,6 +1,6 @@ name: Linter -run-name: "Linter - [${{ github.event.pull_request.title }} #${{ github.event.pull_request.number }}] by @${{ github.actor }}" +run-name: 'Linter - [${{ github.event.pull_request.title }} #${{ github.event.pull_request.number }}] by @${{ github.actor }}' on: [pull_request] @@ -25,7 +25,7 @@ jobs: fetch-depth: 0 - name: Lint code base - uses: super-linter/super-linter@61abc07d755095a68f4987d1c2c3d1d64408f1f9 # v8.5.0 + uses: super-linter/super-linter@9e863354e3ff62e0727d37183162c4a88873df41 # v8.6.0 env: GITHUB_TOKEN: ${{ github.token }} VALIDATE_BIOME_FORMAT: false diff --git a/.github/workflows/TestWorkflow.yml b/.github/workflows/TestWorkflow.yml index 08e4b96..aee9d9a 100644 --- a/.github/workflows/TestWorkflow.yml +++ b/.github/workflows/TestWorkflow.yml @@ -427,7 +427,7 @@ jobs: - name: Action-Test uses: ./ with: - Token: ${{ secrets.TEST_USER_PAT }} + Token: ${{ secrets.TEST_USER_PAT }} # zizmor: ignore[secrets-outside-env] test workflow uses org-level test secret intentionally Prerelease: ${{ inputs.Prerelease }} ShowRateLimit: true Script: | 
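Review bot: The `allow` list added under `secrets-outside-env` exempts these seven names wherever this config is applied, not only in TestWorkflow.yml, assuming zizmor honours it as written. A later workflow that reads `TEST_APP_ENT_PRIVATE_KEY` or one of the PATs in a job without an environment would then no longer be reported. The TestWorkflow.yml hunks in this commit also add a per-line `# zizmor: ignore[secrets-outside-env]` for the same names, so one mechanism is redundant and it is hard to tell which one silences the finding; the per-line form is the narrower of the two. The comment says why the secrets are organization-level but not what bounds them without environment protection rules, so I would add above `config:` something like `# No environment protection applies: keep these credentials least-privilege, test-only and rotated.`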
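Review bot: The suppression on the `Token:` line in `@@ -427` silences the finding exactly where it matters, because the secret is handed to `uses: ./`, i.e. to whatever action code is checked out. Judging by the finding, the job also declares no environment whose protection rules would gate that. The same suppression is repeated in `@@ -455`, `@@ -483`, `@@ -511`, `@@ -548` and `@@ -687`. The workflow's trigger and permissions are outside these hunks, so confirm that these jobs cannot receive the secrets for refs from untrusted contributors before accepting the ignore. The justification would carry more weight if it named that control, e.g. `# zizmor: ignore[secrets-outside-env] org-level test secret; job runs only for trusted refs`.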
@@ -455,7 +455,7 @@ jobs:
 - name: Action-Test
 uses: ./
 with:
- Token: ${{ secrets.TEST_USER_USER_FG_PAT }}
+ Token: ${{ secrets.TEST_USER_USER_FG_PAT }} # zizmor: ignore[secrets-outside-env] test workflow uses org-level test secret intentionally
 Prerelease: ${{ inputs.Prerelease }}
 ShowRateLimit: true
 Script: |
@@ -483,7 +483,7 @@ jobs:
 - name: Action-Test
 uses: ./
 with:
- Token: ${{ secrets.TEST_USER_ORG_FG_PAT }}
+ Token: ${{ secrets.TEST_USER_ORG_FG_PAT }} # zizmor: ignore[secrets-outside-env] test workflow uses org-level test secret intentionally
 Prerelease: ${{ inputs.Prerelease }}
 ShowRateLimit: true
 Script: |
@@ -511,8 +511,8 @@ jobs:
 - name: Action-Test
 uses: ./
 with:
- ClientID: ${{ secrets.TEST_APP_ENT_CLIENT_ID }}
- PrivateKey: ${{ secrets.TEST_APP_ENT_PRIVATE_KEY }}
+ ClientID: ${{ secrets.TEST_APP_ENT_CLIENT_ID }} # zizmor: ignore[secrets-outside-env] test workflow uses org-level test secret intentionally
+ PrivateKey: ${{ secrets.TEST_APP_ENT_PRIVATE_KEY }} # zizmor: ignore[secrets-outside-env] test workflow uses org-level test secret intentionally
 Prerelease: ${{ inputs.Prerelease }}
 ShowRateLimit: true
 Script: |
@@ -548,8 +548,8 @@ jobs:
 - name: Action-Test
 uses: ./
 with:
- ClientID: '${{ secrets.TEST_APP_ORG_CLIENT_ID }}' # Test with quotes on input
- PrivateKey: '${{ secrets.TEST_APP_ORG_PRIVATE_KEY }}' # Test with quotes on input
+ ClientID: '${{ secrets.TEST_APP_ORG_CLIENT_ID }}' # Test with quotes on input # zizmor: ignore[secrets-outside-env] test workflow uses org-level test secret intentionally
+ PrivateKey: '${{ secrets.TEST_APP_ORG_PRIVATE_KEY }}' # Test with quotes on input # zizmor: ignore[secrets-outside-env] test workflow uses org-level test secret intentionally
 Prerelease: ${{ inputs.Prerelease }}
 ShowRateLimit: true
 Script: |
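Review bot: In the `@@ -548` hunk the zizmor directive is appended after the existing `# Test with quotes on input` text, so it no longer sits at the start of the comment. The `allow` entries added to zizmor.yaml in this commit cover the same names and may hide a directive that is not being parsed. It is worth running zizmor once without those entries to check that the suppression is still recognised on these two lines. Putting the directive first avoids the question, e.g. `ClientID: '${{ secrets.TEST_APP_ORG_CLIENT_ID }}' # zizmor: ignore[secrets-outside-env] org-level test secret; input quoted on purpose`. The step body continues past the hunk.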
@@ -687,7 +687,7 @@ jobs:
 - name: Action-Test with PreserveCredentials false
 uses: ./
 with:
- Token: ${{ secrets.TEST_USER_PAT }}
+ Token: ${{ secrets.TEST_USER_PAT }} # zizmor: ignore[secrets-outside-env] test workflow uses org-level test secret intentionally
 PreserveCredentials: false
 Prerelease: ${{ inputs.Prerelease }}
 ShowRateLimit: true