yamanin/registry
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
registry/.github/workflows
History
Lukasz ec57cb5c0f
CI: Pin GitHub Actions and fix zizmor high-severity findings (#667) 
## Description

This PR fixes zizmor --min-severity high findings in our GitHub Actions
workflows by:
- Pinning all uses: references to immutable commit SHAs (replaces
floating tags like @v6 / @main).
- Pinning internal Terraform setup action usage
(coder/coder/.github/actions/setup-tf@main) to a fixed ref/commit.
- Pinning crate-ci/typos to a commit SHA.
- Removing GitHub expression template expansion inside a run: block in
version-bump.yaml (prevents template injection flagged by zizmor).


## Type of Change

- [ ] New module
- [ ] New template
- [ ] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [x] Other

## Module Information

N/A

## Template Information

N/A

## Testing & Validation

- [ ] Tests pass (`bun test`)
- [ ] Code formatted (`bun fmt`)
- [x] Changes tested locally - zizmor .github/workflows/* --min-severity
high

## Related Issues

- coder/registry#642
- https://github.com/coder/registry/pull/662
2026-01-21 11:42:10 +01:00
..
check_registry_site_health.yaml
CI: Pin GitHub Actions and fix zizmor high-severity findings (#667)
2026-01-21 11:42:10 +01:00
ci.yaml
CI: Pin GitHub Actions and fix zizmor high-severity findings (#667)
2026-01-21 11:42:10 +01:00
deploy-registry.yaml
CI: Pin GitHub Actions and fix zizmor high-severity findings (#667)
2026-01-21 11:42:10 +01:00
golangci-lint.yml
CI: Pin GitHub Actions and fix zizmor high-severity findings (#667)
2026-01-21 11:42:10 +01:00
release.yml
CI: Pin GitHub Actions and fix zizmor high-severity findings (#667)
2026-01-21 11:42:10 +01:00
version-bump.yaml
CI: Pin GitHub Actions and fix zizmor high-severity findings (#667)
2026-01-21 11:42:10 +01:00