diff --git a/.github/actions/cache/action.yml b/.github/actions/cache/action.yml index 591bb67e66..f48269e0d9 100644 --- a/.github/actions/cache/action.yml +++ b/.github/actions/cache/action.yml @@ -3,22 +3,22 @@ description: "This action caches neovim dependencies" runs: using: "composite" steps: - - run: echo "CACHE_KEY=${GITHUB_WORKFLOW}" >> $GITHUB_ENV + - run: echo "CACHE_KEY=${GITHUB_WORKFLOW}" >> $GITHUB_ENV # zizmor: ignore[github-env] shell: bash - - run: echo "CACHE_KEY=${GITHUB_JOB}" >> $GITHUB_ENV + - run: echo "CACHE_KEY=${GITHUB_JOB}" >> $GITHUB_ENV # zizmor: ignore[github-env] shell: bash - if: ${{ matrix }} env: MATRIX_JOIN: ${{ join(matrix.*, '-') }} - run: echo "CACHE_KEY=${CACHE_KEY}-${MATRIX_JOIN}" >> $GITHUB_ENV + run: echo "CACHE_KEY=${CACHE_KEY}-${MATRIX_JOIN}" >> $GITHUB_ENV # zizmor: ignore[github-env] shell: bash - if: ${{ matrix.build }} env: MATRIX_JOIN: ${{ join(matrix.build.*, '-') }} - run: echo "CACHE_KEY=${CACHE_KEY}-${MATRIX_JOIN}" >> $GITHUB_ENV + run: echo "CACHE_KEY=${CACHE_KEY}-${MATRIX_JOIN}" >> $GITHUB_ENV # zizmor: ignore[github-env] shell: bash - id: image diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml index b3b1d15845..a3ad2e98c5 100644 --- a/.github/actions/setup/action.yml +++ b/.github/actions/setup/action.yml @@ -10,7 +10,7 @@ runs: steps: - name: Set $BIN_DIR shell: bash - run: echo "$BIN_DIR" >> $GITHUB_PATH + run: echo "$BIN_DIR" >> $GITHUB_PATH # zizmor: ignore[github-env] - if: ${{ runner.os != 'Windows' }} name: Set ulimit diff --git a/.github/zizmor.yml b/.github/zizmor.yml index 4241b397b0..2976bbe3fa 100644 --- a/.github/zizmor.yml +++ b/.github/zizmor.yml @@ -1,4 +1,13 @@ rules: + cache-poisoning: + ignore: + - test.yml + dangerous-triggers: + ignore: + - backport.yml + - labeler_pr.yml + - reviewers_add.yml + - reviewers_remove.yml unpinned-uses: config: policies: