Skip to content

Comments

Add zizmor pre-commit hook#139

Merged
shenanigansd merged 1 commit intomainfrom
br/zizmor
Jan 15, 2026
Merged

Add zizmor pre-commit hook#139
shenanigansd merged 1 commit intomainfrom
br/zizmor

Conversation

@shenanigansd
Copy link
Member

@shenanigansd shenanigansd commented Jan 15, 2026

No description provided.

@shenanigansd
Add zizmor pre-commit hook
673e2e2 
Signed-off-by: Bradley Reynolds <bradley.reynolds@tailstory.dev>
@shenanigansd shenanigansd self-assigned this Jan 15, 2026
Copilot AI review requested due to automatic review settings January 15, 2026 02:10
@codspeed-hq
Copy link

codspeed-hq bot commented Jan 15, 2026

Merging this PR will not alter performance

✅ 2 untouched benchmarks

Comparing br/zizmor (673e2e2) with main (e3848d8)

Open in CodSpeed

@codecov
Copy link

codecov bot commented Jan 15, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.29%. Comparing base (b879849) to head (673e2e2).
⚠️ Report is 2 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #139   +/-   ##
=======================================
  Coverage   88.29%   88.29%           
=======================================
  Files           3        3           
  Lines          94       94           
=======================================
  Hits           83       83           
  Misses         11       11

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@shenanigansd shenanigansd merged commit 0a6e822 into main Jan 15, 2026
28 checks passed
Copilot AI reviewed Jan 15, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds the zizmor pre-commit hook for security auditing of GitHub Actions workflows and makes related workflow security improvements.

Changes:

  • Added zizmor pre-commit hook and meta validation hooks to .pre-commit-config.yaml
  • Updated noxfile.py to use "prek" instead of "pre-commit" command
  • Improved GitHub Actions security by disabling credential persistence and scoping permissions appropriately

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
.pre-commit-config.yaml Adds meta hooks for validation, zizmor security hook, and removes check-json hook
noxfile.py Changes pre-commit command to "prek"
.github/workflows/python-publish-pypi.yaml Adds persist-credentials: false for security
.github/workflows/python-ci.yaml Scopes id-token permission to specific job that needs it
.github/workflows/dependency-review.yaml Adds persist-credentials: false for security

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@shenanigansd shenanigansd deleted the br/zizmor branch January 15, 2026 02:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@shenanigansd shenanigansd

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@shenanigansd