
ci: Enable workflow_dispatch for DevSkim#548

Merged: Pr0methean merged 1 commit into master from devskim-fix on Jan 25, 2026

Conversation

@Pr0methean (Member) commented Jan 24, 2026

Should fix, or at least let us work around, the issue where #544 is unable to enter the merge queue because DevSkim isn't triggering for it.

@gemini-code-assist (Contributor)

Summary of Changes

Hello @Pr0methean, I'm Gemini Code Assist [1]! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on refining the error handling within the xz.rs test suite. By transitioning from generic unwrap() calls to more informative expect() calls, the changes ensure that any test failures related to archive operations or file content retrieval will now provide specific, human-readable error messages. This enhancement significantly improves the diagnostic capabilities of the tests, making it easier for developers to understand and address issues when they arise.

Highlights

  • Improved Error Handling in Tests: Replaced unwrap() calls with expect() in the tests/xz.rs file to provide more descriptive error messages upon test failures.
  • Enhanced Debuggability: The added expect() messages offer clearer context when an archive cannot be opened, a file is not found, or content cannot be read, aiding in quicker debugging.
Ignored Files
  • Ignored by pattern: .github/workflows/** (4)
    • .github/workflows/auto_merge_prs.yml
    • .github/workflows/ci.yaml
    • .github/workflows/devskim.yml
    • .github/workflows/release-plz.yml
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature: Code Review
  Command: /gemini review
  Description: Performs a code review for the current pull request in its current state.

Feature: Pull Request Summary
  Command: /gemini summary
  Description: Provides a summary of the current pull request in its current state.

Feature: Comment
  Command: @gemini-code-assist
  Description: Responds in comments when explicitly tagged, both in pull request comments and review comments.

Feature: Help
  Command: /gemini help
  Description: Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@Pr0methean Pr0methean changed the title from "devskim-fix" to "ci: Enable workflow_dispatch for DevSkim" on Jan 24, 2026

@gemini-code-assist (Contributor, Bot) left a comment


Code Review

This pull request improves the decompress_xz test by replacing .unwrap() calls with .expect() and providing descriptive error messages. This is a good practice as it makes test failures easier to diagnose. I've added one suggestion to further simplify the test assertion by comparing byte slices directly, which avoids an unnecessary string conversion.

Comment thread tests/xz.rs
@amazon-q-developer (Contributor, Bot) left a comment


Security Hardening Review

This PR implements important security improvements to the GitHub Actions workflows by adding runner hardening and pinning action versions to specific commit hashes. However, there are several critical security issues that must be addressed before merge:

Critical Issues Found:

  1. Inconsistent Action Pinning: Several actions in release-plz.yml are not properly pinned to commit hashes, creating security vulnerabilities
  2. PR Title Non-Compliance: The PR title "devskim-fix" does not conform to Conventional Commits format as required by the project guidelines

Required Actions:

  • Fix all unpinned GitHub Actions to use commit hashes consistently
  • Update PR title to follow Conventional Commits format (e.g., "chore: add security hardening to GitHub Actions workflows")

Positive Changes:

  • Addition of step-security/harden-runner to audit outbound calls
  • Implementation of dependency review workflow
  • Improved error handling in test files
  • Consistent pinning of most actions to specific commit hashes

The security improvements are valuable, but the inconsistent action pinning creates potential attack vectors that must be resolved.

You can now have the agent implement changes and create commits directly on your pull request's source branch. Simply comment with /q followed by your request in natural language to ask the agent to make changes.

Comment thread .github/workflows/release-plz.yml
Comment thread .github/workflows/release-plz.yml
Comment thread .github/workflows/release-plz.yml
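The two review points above, a workflow_dispatch trigger for the DevSkim scan and every `uses:` reference pinned to a full commit SHA, shown together as one worked workflow. This is an added example, not this repository's `.github/workflows/devskim.yml`: apart from `step-security/harden-runner` and DevSkim, which the page names, the action names, the `egress-policy: audit` input, the `devskim-results.sarif` file name and the 40-hex SHAs are assumptions or placeholders, and the SHAs in particular must be resolved from the tag you intend to use before such a file is committed.

```yaml
# Added example of a hardened DevSkim workflow (not the project's own file).
name: DevSkim

on:
  push:
    branches: [master]
  pull_request:
    branches: [master]
  # Manual trigger: lets a maintainer re-run the scan on a PR for which the
  # automatic triggers did not fire, which is what blocked #544 from the
  # merge queue according to the PR description.
  workflow_dispatch:

# Default token scope for the whole workflow; the job widens it only where
# the SARIF upload needs it.
permissions:
  contents: read

jobs:
  lint:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # required to upload SARIF to code scanning (assumption)
    steps:
      # Weak form flagged in the review, kept here only as a comment:
      #   - uses: step-security/harden-runner@v2
      # A tag or branch is a mutable pointer, so whoever can move it in the
      # action's repository decides what code runs in this job.
      #
      # Hardened form: a full 40-character commit SHA. The trailing tag
      # comment is for human readers and update tooling; the SHA is what
      # the runner actually checks out.
      - name: Harden runner (audit outbound calls)
        uses: step-security/harden-runner@0123456789abcdef0123456789abcdef01234567  # PLACEHOLDER SHA, e.g. v2
        with:
          egress-policy: audit          # input name is an assumption

      - name: Check out source
        uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # PLACEHOLDER SHA, e.g. v4

      - name: Run DevSkim scanner
        uses: microsoft/DevSkim-Action@0123456789abcdef0123456789abcdef01234567  # PLACEHOLDER SHA, e.g. v1

      - name: Upload DevSkim results
        uses: github/codeql-action/upload-sarif@0123456789abcdef0123456789abcdef01234567  # PLACEHOLDER SHA, e.g. v3
        with:
          sarif_file: devskim-results.sarif   # output file name is an assumption
```

To turn a tag into the SHA you will pin, query the action's repository rather than trusting a copied value: `git ls-remote https://github.com/step-security/harden-runner refs/tags/v2` (the tag is an example) prints the object id, and for an annotated tag you want the peeled `^{}` line, which is the commit the tag points at. Check that every `uses:` line in every workflow file follows the same form; the review above flagged the repository precisely because some files were pinned and others were not, and one unpinned reference is enough to undo the guarantee the rest provide.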
@Pr0methean Pr0methean added this pull request to the merge queue Jan 24, 2026
Merged via the queue into master with commit ef4a665 Jan 25, 2026
125 checks passed
@Pr0methean Pr0methean deleted the devskim-fix branch January 25, 2026 02:28